I’m not sure too many people make content for Empire: Total War these days but I am! And I’m using the excellent Darth Mod to boot https://youtube.com/live/SXJCW7PdQTo?feature=share
Last blog post in my native call stack profiling series just published. This time about the work I did this year in #V8 #Windows #ETW stack walk support: https://blogs.igalia.com/dape/2022/12/21/native-call-stack-profiling-3-3-2022-work-in-v8/
In March, V8 ETW support was broken. After fixing a small regression, we could proceed with improving the readability of the traces and improving initialization. This @igalia work was sponsored by #Bloomberg.
The overhead in V8 is very small now, making the traces more accurate. This work is available in V8 10.9.0.
#webperf #bloomberg #etw #windows #V8
Just published the second blog post in my native call stack profiling series, about Event Tracing for Windows and #Chromium: https://blogs.igalia.com/dape/2022/11/29/native-call-stack-profiling-2-3-event-tracing-for-windows-and-chromium/
#ETW is the native tracing/profiling tool in #Windows. It samples stack traces for further analysis. #V8 assists by providing information about the JIT-compiled functions, which is then available for stack walk analysis.
Big thanks to @BruceDawson0xB@twitter.com for his series of blog posts about performance analysis, and for writing #UIForETW. https://github.com/google/UIforETW
#uiforetw #V8 #windows #etw #chromium
Remote Thread Injection & API #Monitoring + #ETW for Defenders
[ #blueteam ]
https://damonmohammadbagher.github.io/Posts/11Feb2021x.html
RT @citronneur@twitter.com
Do you miss Microsoft Message Analyzer? Try Winshark, a set of #Wireshark plugins to capture and analyze #ETW in real time! #DFIR #WindowsInternals #SSTIC
https://github.com/airbus-cert/Winshark
🐦🔗: https://twitter.com/citronneur/status/1268187631042605056
#wireshark #etw #dfir #WindowsInternals #sstic
Just published: Solving #Windows Log Collection Challenges with Event Tracing https://nxlog.co/whitepapers/windows-event-tracing #etw
Event Tracing for Windows (ETW) logs kernel, application and other system activity. ETW provides better data and uses fewer resources.
I also added a section with an example of messing around with ETW for another reason to do ETW data centralization.
This part had to be taken out though: https://infosec.exchange/@superruserr/103514722074754232
Intrusion Detection with #ETW
https://blog.zacbrown.org/2017/04/11/hidden-treasure-intrusion-detection-with-etw-part-1
https://blog.zacbrown.org/2017/05/9/hidden-treasure-intrusion-detection-with-etw-part-2