[kernel] [Featured] Sysmon Internals - From File Delete Event to Kernel Code Execution. Sysmon File Delete Event Internals and Kernel Code Execution.
[anti-forensics] Sysmon Image File Name Evasion. Abusing a bug in Sysmon's driver to fake source processes' image file names.
[offense] NINA: x64 Process Injection. NINA: No Injection, No Allocation x64 Process Injection Technique.