@debugprivilege : I did two write-ups about ETW. The first one will cover how to capture an ETW trace and covers a case-study using the WinInet provider to analyze Cobalt Strike. The second one covers how EDR are using the DotNetRuntime ETW. 1. github.com/DebugPrivilege… 2. github.com/DebugPrivilege… • TwiCopy

DebugPrivilege

@debugprivilege

+ Follow

Self-Claimed Security “Researcher” | Ex-MSFT | @XintraOrg lab contributor | Former Microsoft MVP | Interested in Security, Debugging, and Troubleshooting.

ID: 832855627026354176

linkhttps://github.com/DebugPrivilege calendar_today18-02-2017 07:33:50

6,6K Tweet

38,38K Takipçi

2,2K Takip Edilen

DebugPrivilege

@debugprivilege

8 months ago

I did two write-ups about ETW. The first one will cover how to capture an ETW trace and covers a case-study using the WinInet provider to analyze Cobalt Strike. The second one covers how EDR are using the DotNetRuntime ETW. 1. github.com/DebugPrivilege… 2. github.com/DebugPrivilege…