Shhmon | Neutering Sysmon via driver unload
kandi X-RAY | Shhmon Summary
Shhmon is a C# library. Shhmon has no bugs, it has no vulnerabilities and it has low support. You can download it from GitLab, GitHub.
While Sysmon's driver can be renamed at installation, it is always loaded at altitude 385201. The objective of this tool is to challenge the assumption that our defensive tools are always collecting events. Shhmon locates and unloads the driver using this strategy:
1. Uses fltlib!FilterFindFirst and fltlib!FilterFindNext to enumerate drivers on the system in place of crawling the registry.
2a. If a driver is found at altitude 385201, it uses kernel32!OpenProcessToken and advapi32!AdjustTokenPrivileges to grant itself SeLoadDriverPrivilege.
2b. If a driver was not found at 385201, it walks HKLM\SYSTEM\CurrentControlSet\Services looking for a "Sysmon Instance" subkey and, if found, assigns the required permission as described above.
3. If it was able to get the required privilege, it calls fltlib!FilterUnload to unload the driver.
Support
Shhmon has a low active ecosystem.
It has 169 star(s) with 28 fork(s). There are 10 watchers for this library.
It had no major release in the last 6 months.
Shhmon has no issues reported. There are no pull requests.
It has a neutral sentiment in the developer community.
The latest version of Shhmon is current.
Quality
Shhmon has 0 bugs and 0 code smells.
Security
Shhmon has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
Shhmon code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.
License
Shhmon does not have a standard license declared.
Check the repository for any license declaration and review the terms closely.
Without a license, all rights are reserved, and you cannot use the library in your applications.
Reuse
Shhmon releases are not available. You will need to build from source code and install.
Installation instructions are not available. Examples and code snippets are available.
Shhmon Key Features
No Key Features are available at this moment for Shhmon.
Shhmon Examples and Code Snippets
No Code Snippets are available at this moment for Shhmon.
Community Discussions
No Community Discussions are available at this moment for Shhmon. Refer to the Stack Overflow page for discussions.
Vulnerabilities
No vulnerabilities reported
Install Shhmon
You can download it from GitLab, GitHub.
Support
For any new features, suggestions and bugs create an issue on GitHub.
If you have any questions, check and ask questions on the community page at Stack Overflow.