THOR TechPreview version 10.6.8 will introduce a completely new module named ETW Watcher, which runs in a separate thread and monitors the systems during a scan run. As its name indicates, the ETW Watcher module makes use of Event Tracing for Windows (ETW). So,...
THOR 10.6.8 TechPreview with ETW Watcher to Detect CobaltStrike Beacons
read more