AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Explore a critical security talk from NDC Security in Oslo where Tristan Bennett examines how attackers can manipulate Windows process creation logs. Discover how this vulnerability allows malicious actors to mask their true commands from security logs, potentially evading detection systems including Windows Security, Sysmon, and even Defender XDR. Learn about the technical mechanics behind process log creation, why this technique is particularly dangerous for security analysts, and why Microsoft has indicated this issue may not be fixable. The presentation includes demonstrations showing how both logging-based detections and EDR systems can be compromised, with practical scenarios illustrating the real-world impact of this technique. Understand why this vulnerability could be in widespread use yet remain underreported due to its stealthy nature, and gain insights into the implications for security teams who rely on process logs for threat detection and analysis.
