Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)

Introduction

Last year, I blogged about Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion. In that part 1 post, we covered:

The purpose of .NET Usage Logs and when they are created

How Usage Logs are used to detect suspicious activity

Several mechanisms for tampering with Usage Logs to avoid log creation and subsequent detection

Defensive considerations for potentially detecting nefarious activity around .NET and Usage Log tampering.

Recently, I revisited the research t…
