Introduction In recent years, there have been numerous published techniques for evading endpoint security solutions and sources such as A/V, EDR and logging facilities. The methods deployed to achi…| bohops
It turns out that there is a method of disabling ETW in .NET, strangely exposed by setting an environment variable of COMPlus_ETWEnabled=0. This post explores how this works.| XPN InfoSec Blog