SysmonQuiet
SysmonQuiet copied to clipboard

Published 20 hours ago •

→

Metadata

RDLL for Cobalt Strike beacon to silence sysmon process

Readme
Issues

SysmonQuiet Reflective DLL

Most of the codes come from SEKTOR7 - Windows Evasion Course. This RDLL (requires SeDebugPrivilege privilege) will automatically locate sysmon process and patch its EtwEventWrite API, causing sysmon malfunctioning while the process and its threads are still running.

The effect lasts until next reboot / service restart

Usage - Cobalt Strike

Load SysmonQuiet.cna

beacon> SysmonQuiet

Credits

SEKTOR7 - Windows Evasion Course
https://github.com/stephenfewer/ReflectiveDLLInjection

About

RDLL for Cobalt Strike beacon to silence sysmon process

redteam

sysmon

cobaltstrike

rdll

85

Stars

16

Forks

Watchers

Owner

ScriptIdiot

← Metadata

85

Stars

16

Forks

Watchers

Owner

ScriptIdiot

Metadata

RDLL for Cobalt Strike beacon to silence sysmon process

Back

SysmonQuiet SysmonQuiet copied to clipboard

Metadata

SysmonQuiet Reflective DLL

Usage - Cobalt Strike

Credits

← Metadata

Owner

Metadata

SysmonQuiet
SysmonQuiet copied to clipboard