Put up a PR for ActivityID: https://github.com/microsoft/krabsetw/pull/129 Didn't touch RelatedActivityID, that's a deeper hole involving parsing extended data items
fwiw I used @qjerome 's idea to subscribe to sysmon events and it worked well, so I'll be using that instead of this library. Code roughly looks like: ```go import...
Hey @Happy-Dude, I had a similar requirement for testing purposes - Wanted to see how Tetragon compares to other eBPF security tools on my test machines that don't have Kubernetes...
Hey @wioxjk , not sure if this is your issue, but I had the same problem when running the server on my localhost on Windows, and just fixed it. The...
Very, very, late, but thanks @tixxdz !
Gave a shot at fixing it: https://github.com/fireeye/SilkETW/pull/14
Hey @jsecurity101 and @MuFengYing, have you tried building and signing your own versions? You could also try disabling all integrity checks with the [nointegritychecks](https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--set#verification-settings) flag
Hi @MuFengYing @jsecurity101 , do you still have an issue?
@Luisfan , I haven't tested it on Windows 11, I suspect you'll need to at least build the project from source and target the Windows 11 WDK and SDK. However...
Also, Processes started as PPL this way won't be visible in the GUI, but you can use DebugOutput and WinDBG to check if things are working (see the `child_example` code...