@@ -4,7 +4,7 @@ Blind Eventlog by suspending its threads. This technique requires elevated privi
Be aware that all events, from the period the threads were suspended, will be pushed to Eventlog the moment the threads are resumed.
## Options
-`suspend`: find and suspend all Eventlog threads and disrupt its functionality.
+`suspend`: find and suspend all Eventlog threads and disrupt its functionality.\n
`resume`: find and resume all Eventlog threads and restore its functionality.
## Usage
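Review bot: the `\n` appended to the `suspend` line is a literal backslash-n in Markdown, so it will render as the two characters `\n` after "functionality." instead of producing a line break. If the intent is to put `suspend` and `resume` on separate lines, end the line with two trailing spaces or leave a blank line before `resume`, or make both `- ` list items, which also matches the bullet style already used in the Usage section. While editing this line, the `suspend` description could also say that events are queued rather than dropped, since the paragraph above states that everything logged during the suspension is delivered once the threads are resumed; that caveat matters to an operator deciding how long to leave Eventlog suspended.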
@@ -14,4 +14,4 @@ Be aware that all events, from the period the threads were suspended, will be pu
- 1\. Make sure Visual Studio is installed and supports C/C++.
- 2\. Open the `x64 Native Tools Command Prompt for VS <2019/2022>` terminal.
- 3\. Run the `bofcompile.bat` script to compile the object file.
-- 4\. In Cobalt strike, use the script manager to load the .cna script to import the tool.
+- 4\. In Cobalt strike, use the script manager to load the .cna script to import the tool.
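Review bot: removing the doubled `--` before `4\.` brings this step in line with steps 1-3, but while the line is being touched, `Cobalt strike` should be capitalized as `Cobalt Strike`, and the step would be more useful if it named the `.cna` file to load, the way steps 2 and 3 name the `x64 Native Tools Command Prompt` and `bofcompile.bat` explicitly. The `- 1\.` bullet-plus-escaped-number markers on every step are also redundant in Markdown; a plain `1.` ordered list renders as numbered steps without the backslash escaping.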