TiEtwAgent : PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive Research Purposes

TiEtwAgent project was created to research, build and test different memory injection detection use cases and bypass techniques. The agent utilizes Microsoft-Windows-Threat-Intelligence event tracing provider, as a more modern and stable alternative to Userland-hooking, with the benefit of Kernel-mode visibility. The project depends on the microsoft/krabsetw library for ETS setup and consumption. An accompanying blog post can …