Tag
high
advisory
ETW Registry Disabled via Registry Modification
2 rules, 1 TTP
Attackers may disable Event Tracing for Windows (ETW) for the .NET Framework by modifying the ETWEnabled registry value, allowing them to evade endpoint detection and response (EDR) tools and hide malicious activity.
.NETFramework +3
etw
registry
defense-evasion
windows
t1127
t1685
high
advisory
Detection of ETW Disabling via Registry Modification
2 rules
Attackers may disable Event Tracing for Windows (ETW) by modifying specific registry keys to evade detection and hinder security monitoring, potentially leading to further system compromise.
.NETFramework +3
defense-evasion
registry-modification
etw
ransomware
windows
high
advisory
Registry Modification to Disable .NET ETW Logging
2 rules, 1 TTP
Attackers may modify the Windows registry to disable ETW logging for the .NET Framework, hindering endpoint detection and response capabilities.
Splunk Enterprise +2
defense-evasion
registry-modification
etw