New ETW Attacks Can Allow Hackers to ‘Blind’ Security Products


Researchers have discovered two new attack methods that are being used to “blind” cybersecurity products that rely on a logging mechanism named Event Tracing for Windows (ETW).

ETW, which has been automatically available in Windows since Windows XP, is designed to track and log events associated with user-mode applications and kernel-mode drivers.

ETW in Windows 11 can collect more than 50,000 event types from approximately 1,000 providers, including operating system services, cybersecurity tools, standard applications, DLLs, OS kernels, and drivers.

Read More: Securityweek
