[kernel] [Featured] Sysmon Internals - From File Delete Event to Kernel Code Execution: Sysmon File Delete Event Internals and Kernel Code Execution.
[antivirus] Introduction to Threat Intelligence ETW: A quick look into ETW capabilities against malicious API calls.