bats3c / EvtMute

Apply a filter to the events being reported by Windows event logging
https://blog.dylan.codes/pwning-windows-event-logging/
MIT License
260 stars 51 forks

Error: Connection timed out #1

Open super0xbad1dea opened 4 years ago

super0xbad1dea commented 4 years ago

Hi,

Are there any known limitations? Even though I've done the injections, it shows the error message "Connection timed out". Do you have any idea? OS is Windows Server 2016, Windows Defender disabled, PowerShell is elevated.

PS C:\Users\Admin\Downloads> .\SharpEvtMute.exe --Inject
SharpEvtMute by @_batsec_

[i] Found PID: 1004
[+] Injected hook
PS C:\Users\Admin\Downloads> .\SharpEvtMute.exe --Filter "rule disable { condition: true }"
SharpEvtMute by @_batsec_

[!] Connection timed out. Have you injected the hook?

bats3c commented 3 years ago

Looks like the injected DLL has failed. Is the process the PID is referring to still alive?

PS. sorry about the late reply... kinda forgot about this project lol