Skip to content

Latest commit

 

History

History

EnumSysmon

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
beacon.h
beacon.h
 
 
bofcompile.bat
bofcompile.bat
 
 
enumsysmon.c
enumsysmon.c
 
 
enumsysmon.cna
enumsysmon.cna
 
 
enumsysmon.h
enumsysmon.h
 
 
enumsysmon.o
enumsysmon.o
 
 

README.md

EnumSysmon

Verify if Sysmon is running. This can be done by checking the registry or by enumerating Minifilter drivers and search for one that is associated with Sysmon.

Options

  • reg: search the registry to check if Sysmon is present on the system and return the Sysmon service PID if active.
  • driver: list all the Minifilter drivers on the system and check manually if a minifilter is present that is associated with Sysmon (requires elevated privileges).

Usage

  • enumsysmon <reg | driver>

Compile

  • 1. Make sure Visual Studio is installed and supports C/C++.
  • 2. Open the x64 Native Tools Command Prompt for VS <2019/2022> terminal.
  • 3. Run the bofcompile.bat script to compile the object file.
  • 4. In Cobalt strike, use the script manager to load the .cna script to import the tool.