Last year, I blogged about "Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion". In that part 1 post, we covered:
The purpose of .NET Usage Logs and when they are created
How Usage Logs are used to detect suspicious activity
Several mechanisms for tampering with Usage Logs to avoid log creation and subsequent detection
Defensive considerations for potentially detecting nefarious activity around .NET and Usage Log tampering
Recently, I revisited the research t…