BLUESPAWN icon indicating copy to clipboard operation
BLUESPAWN copied to clipboard

Failed to subscribe error in monitor mode

Open ION28 opened this issue 4 years ago • 1 comments

.\BLUESPAWN-client-x64.exe --monitor -a Cursory


 ____  ____  ____  ____  ____  ____  ____  ____  ____
||B ||||L ||||U ||||E ||||S ||||P ||||A ||||W ||||N ||
||__||||__||||__||||__||||__||||__||||__||||__||||__||
|/__\||/__\||/__\||/__\||/__\||/__\||/__\||/__\||/__\|




[*][LOW] Monitoring the system
[*][LOW] Setting up monitoring for T1036 - Masquerading
[*][LOW] Setting up monitoring for T1037 - Boot or Logon Initialization Scripts
[*][LOW] Setting up monitoring for T1053 - Scheduled Task/Job
[*][LOW] Setting up monitoring for T1055 - Process Injection
[*][LOW] Setting up monitoring for T1068 - Exploitation for Privilege Escalation
[*][LOW] Setting up monitoring for T1070 - Indicator Removal on Host
[WARNING] EventLogs::QueryEvents: Unable to find channel Microsoft-Windows-Sysmon/Operational
[*][LOW] Setting up monitoring for T1136 - Create Account
[*][LOW] Setting up monitoring for T1484 - Group Policy Modification
[*][LOW] Setting up monitoring for T1505 - Server Software Component
[*][LOW] Setting up monitoring for T1543 - Create or Modify System Process
[ERROR] Failed to subscribe to changes to  (Error 6)
[*][LOW] Setting up monitoring for T1546 - Event Triggered Execution
[*][LOW] Setting up monitoring for T1547 - Boot or Logon Autostart Execution
[*][LOW] Setting up monitoring for T1553 - Subvert Trust Controls
[*][LOW] Setting up monitoring for T1562 - Impair Defenses
[*][LOW] Setting up monitoring for T1569 - Service Execution

ION28 avatar Sep 14 '20 23:09 ION28

User also reported the program immediately exiting when running this in monitor mode

ION28 avatar Sep 14 '20 23:09 ION28