Windows Events - Part 3 - Disrupt Code Execution with ETW


Outline & Objectives

  1. Learn that evasions are cheap & effective against paid controls that rely on signature-based detection.

  2. Review case studies of existing products & gain ideas for disrupting offensive TTPs.

  3. A quick introduction to ETW (Event Tracing for Windows) to prepare you for compiling & stepping through the C# code of a simple App-Control program.

  4. Simulate multi-stage (chained) code execution & watch it being disrupted by this simple App-Control, to consolidate & strengthen your understanding of the earlier sections.

Full article: