Bypassing ETW For Fun and Profit

by | Dec 11, 2021 | Uncategorized

EDR products have the option of using multiple sources to collect information on a Widows operating system. One of these log sources is ETW (Event Tracing for Windows). ETW consumers are now integrated into many EDR endpoint agents in order to receive CLR Runtime...