Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Soledge/BlockEtw
.Net Assembly to block ETW telemetry in current process
Last synced: 22 days ago
- Host: GitHub
- URL: https://github.com/Soledge/BlockEtw
- Owner: Soledge
- Created: 2020-05-14T02:40:50.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-05-14T19:24:49.000Z (over 4 years ago)
- Last Synced: 2024-08-05T17:24:24.378Z (4 months ago)
- Language: C#
- Size: 67.4 KB
- Stars: 75
- Watchers: 2
- Forks: 19
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Soledge/BlockEtw - .Net Assembly to block ETW telemetry in current process (C# #)
README
# BlockETW
.Net 3.5 / 4.5 Assembly to block ETW telemetry in a process.

You must "Self-Inject" the blocketw.bin to the session that your beacon lives in.
For injecting into a process:
> shinject /opt/shellcode/blocketw.bin
There is no output currently for the command.
It WILL NOT WORK if you're using spawnto.

Credits go to RastaMouse and XPN for creating SharpC2, on which this tool is based, and their research on ETW bypassing.

Release Build is built with .net 4.5 (but can be built for 3.5)
https://rastamouse.me/2020/05/sharpc2/
https://blog.xpnsec.com/hiding-your-dotnet-etw/