In this post we will focus on Event Threading for Windows (ETW), how it is used to surface events on .NET assemblies, and how we can evade this kind of detection.| XPN InfoSec Blog
A quick example showing loading CLR via native code - clr_via_native.c| Gist
Write up of my journey figuring out how to host the CLR and execute .NET assemblies from memory in pure Go.| ropnop blog
After the introduction of PowerShell detection capabilities, attackers did what you expect and migrated over to less scrutinised technologies, such as .NET. Fast-forward a few years and many of us...| MDSec