Immediately after getting access to the target system, the attacker tries to blind its audit tools to remain undetected as long as possible. In this article, I will explain how to blind Sysmon in a covert way making it possible to fool the regular Windows audit. The technique is pretty simple and involves manipulations with handles and security descriptors.