eBPF – Modern Linux Telemetry Collection
In a previous article, I covered Windows kernel driver KAPC injection and how it can be used to enable the collection of security-related telemetry. While KAPC injection, along with a…
Recently I had the joy of reading “Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems” by Matt Hand while on vacation. First off, this is an absolute…