├── DISCLAIMER.md
├── Makefile
├── Readme.md
├── SACLProtect
    ├── SACLProtect.sln
    └── SACLProtect
    │   ├── Processenumeration.c
    │   ├── SACLProtect.vcxproj
    │   ├── SACLProtect.vcxproj.filters
    │   ├── SACLProtect.vcxproj.user
    │   ├── Source.c
    │   └── Tokenprivileges.c
├── bin
    └── .gitkeep
├── helpers
    └── convertToHex.py
├── screens
    └── 1.png
└── src
    ├── EntenLoader
        ├── EntenLoader.cpp
        └── SysmonEnte.h.prefix
    ├── Kueken
        ├── adjuststack.asm
        ├── apidef.h
        ├── apiresolve.c
        ├── apiresolve.h
        ├── chkstk.asm
        ├── events.h
        ├── hashes.h
        ├── includes.h
        ├── main.c
        └── peb.h
    └── SysmonEnte
        ├── adjuststack.asm
        ├── apidef.h
        ├── apiresolve.c
        ├── apiresolve.h
        ├── chkstk.asm
        ├── common.h
        ├── gatetrampolin.asm
        ├── hashes.h
        ├── includes.h
        ├── injection.c
        ├── injection.h
        ├── kueken.h.prefix
        ├── linker.ld
        ├── main.c
        ├── misc.c
        ├── misc.h
        ├── peb.h
        ├── recycledgate.c
        ├── recycledgate.h
        ├── threads.c
        ├── threads.h
        ├── token.c
        └── token.h

/DISCLAIMER.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/DISCLAIMER.md
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/Makefile
--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/Readme.md
--------------------------------------------------------------------------------
/SACLProtect/SACLProtect.sln:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/SACLProtect/SACLProtect.sln
--------------------------------------------------------------------------------
/SACLProtect/SACLProtect/Processenumeration.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/SACLProtect/SACLProtect/Processenumeration.c
--------------------------------------------------------------------------------
/SACLProtect/SACLProtect/SACLProtect.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/SACLProtect/SACLProtect/SACLProtect.vcxproj
--------------------------------------------------------------------------------
/SACLProtect/SACLProtect/SACLProtect.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/SACLProtect/SACLProtect/SACLProtect.vcxproj.filters
--------------------------------------------------------------------------------
/SACLProtect/SACLProtect/SACLProtect.vcxproj.user:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/SACLProtect/SACLProtect/SACLProtect.vcxproj.user
--------------------------------------------------------------------------------
/SACLProtect/SACLProtect/Source.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/SACLProtect/SACLProtect/Source.c
--------------------------------------------------------------------------------
/SACLProtect/SACLProtect/Tokenprivileges.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/SACLProtect/SACLProtect/Tokenprivileges.c
--------------------------------------------------------------------------------
/bin/.gitkeep:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/helpers/convertToHex.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/helpers/convertToHex.py
--------------------------------------------------------------------------------
/screens/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/screens/1.png
--------------------------------------------------------------------------------
/src/EntenLoader/EntenLoader.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/EntenLoader/EntenLoader.cpp
--------------------------------------------------------------------------------
/src/EntenLoader/SysmonEnte.h.prefix:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/EntenLoader/SysmonEnte.h.prefix
--------------------------------------------------------------------------------
/src/Kueken/adjuststack.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/adjuststack.asm
--------------------------------------------------------------------------------
/src/Kueken/apidef.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/apidef.h
--------------------------------------------------------------------------------
/src/Kueken/apiresolve.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/apiresolve.c
--------------------------------------------------------------------------------
/src/Kueken/apiresolve.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/apiresolve.h
--------------------------------------------------------------------------------
/src/Kueken/chkstk.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/chkstk.asm
--------------------------------------------------------------------------------
/src/Kueken/events.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/events.h
--------------------------------------------------------------------------------
/src/Kueken/hashes.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/hashes.h
--------------------------------------------------------------------------------
/src/Kueken/includes.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/includes.h
--------------------------------------------------------------------------------
/src/Kueken/main.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/main.c
--------------------------------------------------------------------------------
/src/Kueken/peb.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/Kueken/peb.h
--------------------------------------------------------------------------------
/src/SysmonEnte/adjuststack.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/adjuststack.asm
--------------------------------------------------------------------------------
/src/SysmonEnte/apidef.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/apidef.h
--------------------------------------------------------------------------------
/src/SysmonEnte/apiresolve.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/apiresolve.c
--------------------------------------------------------------------------------
/src/SysmonEnte/apiresolve.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/apiresolve.h
--------------------------------------------------------------------------------
/src/SysmonEnte/chkstk.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/chkstk.asm
--------------------------------------------------------------------------------
/src/SysmonEnte/common.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/common.h
--------------------------------------------------------------------------------
/src/SysmonEnte/gatetrampolin.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/gatetrampolin.asm
--------------------------------------------------------------------------------
/src/SysmonEnte/hashes.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/hashes.h
--------------------------------------------------------------------------------
/src/SysmonEnte/includes.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/includes.h
--------------------------------------------------------------------------------
/src/SysmonEnte/injection.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/injection.c
--------------------------------------------------------------------------------
/src/SysmonEnte/injection.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/injection.h
--------------------------------------------------------------------------------
/src/SysmonEnte/kueken.h.prefix:
--------------------------------------------------------------------------------
#include "windows.h"

__attribute__((section(".text"))) BYTE kueken[] =

--------------------------------------------------------------------------------
/src/SysmonEnte/linker.ld:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/linker.ld
--------------------------------------------------------------------------------
/src/SysmonEnte/main.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/main.c
--------------------------------------------------------------------------------
/src/SysmonEnte/misc.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/misc.c
--------------------------------------------------------------------------------
/src/SysmonEnte/misc.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/misc.h
--------------------------------------------------------------------------------
/src/SysmonEnte/peb.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/peb.h
--------------------------------------------------------------------------------
/src/SysmonEnte/recycledgate.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/recycledgate.c
--------------------------------------------------------------------------------
/src/SysmonEnte/recycledgate.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/recycledgate.h
--------------------------------------------------------------------------------
/src/SysmonEnte/threads.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/threads.c
--------------------------------------------------------------------------------
/src/SysmonEnte/threads.h:
--------------------------------------------------------------------------------
#include "common.h"

BOOL SuspendResumeThreads(PAPI, DWORD);
--------------------------------------------------------------------------------
/src/SysmonEnte/token.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/token.c
--------------------------------------------------------------------------------
/src/SysmonEnte/token.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewhitesec/SysmonEnte/HEAD/src/SysmonEnte/token.h
--------------------------------------------------------------------------------