Commit
Added BypassETW task
cobbr committed Feb 6, 2021
1 parent 6b47491 commit 5384760
Showing 2 changed files with 6 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Added Covenant trace logging
- Added ServiceBinary launcher, added PSExecCommand Task
- Added OutputKind to LauncherForm
- Added BypassETW task

### Changed
- Disallow Administrators from changing other user's passwords
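Review bot: The new entry "- Added BypassETW task" sits under the Added list, but the YAML change in this same commit replaces an existing task name (`Name: DisableETW` becomes `Name: BypassETW`) rather than introducing a new task. If DisableETW has already appeared in a released version, record this under "### Changed" as a rename so users who upgrade can see the old name is gone. If it has not been released, say so in the commit message.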
10 changes: 5 additions & 5 deletions Covenant/Data/Tasks/SharpSploit.Evasion.yaml
Expand Up @@ -42,7 +42,7 @@
Description: SharpSploit is a library for C# post-exploitation modules.
Location: SharpSploit\SharpSploit\
Language: CSharp
CompatibleDotNetVersions: &o0
CompatibleDotNetVersions:
- Net35
- Net40
ReferenceAssemblies:
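Review bot: Dropping the `&o0` anchor on `CompatibleDotNetVersions:` is only safe if no `*o0` alias elsewhere in SharpSploit.Evasion.yaml still refers to it; a dangling alias will fail YAML parsing when the task definitions are loaded. Please confirm with a search of the file for `*o0` before merging, since the visible hunks do not show whether any alias remains.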
Expand Down Expand Up @@ -91,9 +91,9 @@
EmbeddedResources: []
ReferenceAssemblies: []
EmbeddedResources: []
- Name: DisableETW
- Name: BypassETW
Aliases: []
Description: Disable ETW by patching the EtwEventWrite function.
Description: Bypass ETW by patching the EtwEventWrite function.
Author:
Name: 'Simone Salucci & Daniel López'
Handle: 'saim1z, attl4s'
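Review bot: The rename on the `Name:` line leaves `Aliases: []` empty, so anything that still refers to the task as DisableETW (saved task references, operator notes, documentation) stops resolving after this change. Either keep the old name in `Aliases` for a deprecation period or document the rename explicitly. The `Description` wording change from "Disable" to "Bypass" is fine, but it would help to state what the task actually changes in the process so the description matches the behaviour rather than just the new name.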
Expand All @@ -113,7 +113,7 @@
{
try
{
if (ETW.PatchEtw())
if (ETW.PatchETWEventWrite())
{
return "ETW Patch Succeeded.";
}
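Review bot: The call changes from `ETW.PatchEtw()` to `ETW.PatchETWEventWrite()`, but this commit touches only CHANGELOG.md and this YAML file, so the task now depends on the referenced SharpSploit source already exposing a method with that exact name. If the SharpSploit reference is pinned to a revision that still has `PatchEtw()`, the task will fail to compile when it is built. Please note the required SharpSploit revision in the commit message or update the reference in the same commit.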
Expand All @@ -134,7 +134,7 @@
Description: SharpSploit is a library for C# post-exploitation modules.
Location: SharpSploit\SharpSploit\
Language: CSharp
CompatibleDotNetVersions: &o0
CompatibleDotNetVersions:
- Net35
- Net40
ReferenceAssemblies:
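Review bot: This second removal of `&o0` from `CompatibleDotNetVersions:` is unrelated to the stated purpose of the commit ("Added BypassETW task") and looks like serializer output that was regenerated. Consider splitting the anchor cleanup into its own commit, or mention it in the message, so the rename can be reviewed and reverted independently of the formatting change.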