GitHub

jdu2600/API-To-ETW

Many ETW events are extremely useful for cyber security, but are not (well) documented. 😞 For example, the Kernel-Audit-API-Calls provider sounds interesting, but all of the events are called task_nn ...