Awesome
Ghost In The Logs
This tool allows you to evade sysmon and windows event logging, my blog post about it can be found here
Usage
You can grab the lastest release here
Starting off
Once you've got the latest version execute it with no arguments to see the avalible commands
$ gitl.exe
Loading the hook
$ gitl.exe load
Enabling the hook (disabling all logging)
$ gitl.exe enable
Disabling the hook (enabling all logging)
$ gitl.exe disable
Get status of the hook
$ gitl.exe status
Prerequisites
- High integrity administrator privilages
Credits
Huge thanks to:
- hfiref0x for the amazing KDU
- everdox for the super cool InfinityHook