The tracker below includes some commonly known memory-patching bypass techniques for AMSI & ETW:
AMSI
AmsiScanBuffer
amsi.dll
Consumer Patching
AmsiScanString
NdrClientCall3arrow-up-right
rpcrt4.dll
DllGetClassObject
MpOav.dll
(differs between providers)
Provider Patching
ETW
EtwEventWrite
ntdll.dll
NtTraceEvent
EtwNotificationRegister
Last updated 3 days ago
