Windows Events — Part 3 — Disrupt Code Execution with ETW
Background

The first two parts were about observing a process: what is it doing? Part 1 touched on Windows Process Auditing and Part 2 covered Sysmon. This post illustrates how to use Event Tracing for Windows (ETW) to disrupt malicious code execution. Some terms and concepts are based on background materials from my Cyber Security in 7 Weeks series.

Outline & Objectives

Learn that evasions are cheap and effective against paid controls whose detection relies on signatures.