Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Spoofing Commands - Can You Trust Process Creation Logs?

NDC Conferences via YouTube

Start learning Write review
GetSmarter Ad

AI Adoption - Drive Business Value and Organizational Impact

Learn More → Boot.dev Ad

The Most Addictive Python and SQL Courses

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a critical security talk from NDC Security in Oslo where Tristan Bennett examines how attackers can manipulate Windows process creation logs. Discover how this vulnerability allows malicious actors to mask their true commands from security logs, potentially evading detection systems including Windows Security, Sysmon, and even Defender XDR. Learn about the technical mechanics behind process log creation, why this technique is particularly dangerous for security analysts, and why Microsoft has indicated this issue may not be fixable. The presentation includes demonstrations showing how both logging-based detections and EDR systems can be compromised, with practical scenarios illustrating the real-world impact of this technique. Understand why this vulnerability could be in widespread use yet remain underreported due to its stealthy nature, and gain insights into the implications for security teams who rely on process logs for threat detection and analysis.

Syllabus

Spoofing Commands - Can You Trust Process Creation Logs? - Tristan Bennett - NDC Security 2025

Taught by

NDC Conferences

Reviews

Start your review of Spoofing Commands - Can You Trust Process Creation Logs?

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.