This write-up will present a case study of using ETW (Event Tracing for Windows) to analyze an active Cobalt Strike Beacon that was still active and communicating to it's C2 Server.
https://github.com/DebugPrivilege/InsightEngineering/tree/main/Debugging 101/Section 8: Introduction to WPT/WPA Review - How to capture ETW trace?
#c2 , #ETW
———
@islemolecule_source
https://github.com/DebugPrivilege/InsightEngineering/tree/main/Debugging 101/Section 8: Introduction to WPT/WPA Review - How to capture ETW trace?
#c2 , #ETW
———
@islemolecule_source
👍3
Understanding ETW Patching
Credit: jsecurity101
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
#internals #windows #ETW
Credit: jsecurity101
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
#internals #windows #ETW
❤3👍1