ETWPM2Monitor2 & Remote-Thread-Injection Detection by ETW

Picture 1: ETWProcessMon2 & ETWPM2Monitor2 (v2), Technique Detection
Picture 2: ETWProcessMon2 & ETWPM2Monitor2 (v2), Technique Detection, Injection Event Properties
Picture 3: ETWProcessMon2 & ETWPM2Monitor2 (v2), Technique Detection, Injection Memory Properties
Picture 4: ETWProcessMon2 & ETWPM2Monitor2 (v2), Technique/Payload Detection by Memory Scanner
Picture 5: Payload ETWProcessMon2 & ETWPM2Monitor2 (v2), Technique/Payload Detection by Memory Scanner
Picture 6: ETWProcessMon2 & ETWPM2Monitor2 (v2), Technique/Payload Detection by Memory Scanner
Picture 7: ETWProcessMon2 & ETWPM2Monitor2 (v2), Technique/Payload Detection by Memory Scanner
