ETW bypass

TL;DR: Patch EtwEventWrite / NtTraceEvent so security ETW providers stop emitting events from your process.

Stub — to be filled in.

What it is
TODO

Preconditions / where it applies
TODO

Technique
TODO

Detection and defence
TODO

References
TODO