From 3deb5271eefa42c1f1bcbdc26f1de7a5b80f841b Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Wed, 1 Sep 2021 19:40:58 +0700
Subject: [PATCH] Add: outflanknl/TamperETW to Defense Evasion section

---
 Offensive.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Offensive.md b/Offensive.md
index f532c52..87cbc5e 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -1256,6 +1256,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/OsandaMalith/PE2HTML">OsandaMalith/PE2HTML</a></td>
         <td>Injects HTML/PHP/ASP to the PE</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/outflanknl/TamperETW">outflanknl/TamperETW</a></td>
+        <td>PoC to demonstrate how CLR ETW events can be tampered.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/peewpw/Invoke-PSImage">peewpw/Invoke-PSImage</a></td>
         <td>Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute</td>