├── Code
│   ├── BHUSADemo.ps1
│   ├── WMIEvasionDemo.ps1
│   ├── WmiEventConsumerClassDerivation.ps1
│   └── captureWMI_config.xml
├── Slides_Subverting_Sysmon.pdf
└── Whitepaper_Subverting_Sysmon.pdf

/Code/BHUSADemo.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattifestation/BHUSA2018_Sysmon/HEAD/Code/BHUSADemo.ps1
--------------------------------------------------------------------------------

/Code/WMIEvasionDemo.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattifestation/BHUSA2018_Sysmon/HEAD/Code/WMIEvasionDemo.ps1
--------------------------------------------------------------------------------

/Code/WmiEventConsumerClassDerivation.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattifestation/BHUSA2018_Sysmon/HEAD/Code/WmiEventConsumerClassDerivation.ps1
--------------------------------------------------------------------------------

/Code/captureWMI_config.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattifestation/BHUSA2018_Sysmon/HEAD/Code/captureWMI_config.xml
--------------------------------------------------------------------------------

/Slides_Subverting_Sysmon.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattifestation/BHUSA2018_Sysmon/HEAD/Slides_Subverting_Sysmon.pdf
--------------------------------------------------------------------------------

/Whitepaper_Subverting_Sysmon.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattifestation/BHUSA2018_Sysmon/HEAD/Whitepaper_Subverting_Sysmon.pdf
--------------------------------------------------------------------------------