Giters

bats3c / Ghost-In-The-Logs

Evade sysmon and windows event logging

Home Page:https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Ghost In The Logs

This tool allows you to evade sysmon and windows event logging, my blog post about it can be found here

Usage

You can grab the lastest release here

Starting off

Once you've got the latest version execute it with no arguments to see the avalible commands

$ gitl.exe

alt text

Loading the hook

$ gitl.exe load

alt text

Enabling the hook (disabling all logging)

$ gitl.exe enable

alt text

Disabling the hook (enabling all logging)

$ gitl.exe disable

alt text

Get status of the hook

$ gitl.exe status

alt text

Prerequisites

  • High integrity administrator privilages

Credits

Huge thanks to:

About

Evade sysmon and windows event logging

https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/

License:MIT License

Languages

Language:C 55.4%Language:C++ 42.0%Language:Objective-C 2.6%Language:PowerShell 0.1%