Ghost-In-The-Logs: evade sysmon and windows event logging
Ghost In The Logs
This tool allows you to evade Sysmon and Windows event logging.
Sysmon and the Windows event log are both extremely powerful tools in a defender's arsenal. Their very flexible configurations give them great insight into the activity on endpoints, making the process of detecting attackers a lot easier.
- High integrity administrator privileges
Once you've got the latest version, execute it with no arguments to see the available commands.
Loading the hook
$ gitl.exe load
Enabling the hook (disabling all logging)
$ gitl.exe enable
Disabling the hook (enabling all logging)
Get status of the hook
$ gitl.exe status
Read more here.
Copyright (c) 2020 batsec