Windows Events - Part 3 - Disrupt Code Execution with ETW
This part illustrates how we can use events from Event Tracing for Windows to disrupt malicious Code-Execution.
Some terms & concepts are based on background materials from my Cyber Security in 7 weeks series.
Outline & Objectives
Learn that evasions are cheap & effective against paid controls that are based on signature detection.
Review case studies of existing products & gain ideas to disrupt offensive TTPs.
A quick introduction to ETW to prepare you for compiling the C# code & stepping through a simple App-Control program.
Simulate Multi-stage or Chained Code-Execution & watch it being disrupted by this simple App-Control, to experience & strengthen understanding of earlier sections.