Windows Event Log Evasion via Native APIs
Some native Windows API calls can be used to install services WITHOUT generating the corresponding entries in the event log. This technique was observed in Stuxnet.
https://www.inversecos.com/2022/03/windows-event-log-evasion-via-native.html
#edr #event #log #evasion
Inversecos