What if I told you that each Windows system has a notification mechanism capable of transferring tens of thousands of messages each second, and that Windows 10 alone uses more than 1100 talkative components continuously reporting what they are doing?
The type of enthusiasm should depend on the color of the hat you wear. For BlueTeams, the excitement may be a result of real-time reporting of CVE exploitation attempts. For RedTeams, each network packet and every USB command sent usually sounds good enough. I will show you the entrance, and I can promise you will want to go down the rabbit hole on your own. It's well worth it. Caution: the session contains C, PowerShell, Command Line, and API. You have been warned.
Video: 14. Grzegorz Tworek - The Good, the Bad and the ETW. Added by user x33fcon on 22 November 2020.