From fac6bea46d2ab9a5825b4a909399c948bf7464b2 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Sun, 26 Sep 2021 15:10:45 +0700 Subject: [PATCH] Add: boku7/injectEtwBypass to Defense Evasion section --- Offensive.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Offensive.md b/Offensive.md index d187593..09e0c44 100644 --- a/Offensive.md +++ b/Offensive.md @@ -1129,6 +1129,10 @@ Some tools can be categorized in more than one category. But because the current boku7/injectAmsiBypass Cobalt Strike BOF - Bypass AMSI in a remote process with code injection. + + boku7/injectEtwBypass + CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate) + br-sn/CheekyBlinder Enumerating and removing kernel callbacks using signed vulnerable drivers
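Review bot: The added description for boku7/injectEtwBypass spells the product "CobaltStrike BOF", while the boku7/injectAmsiBypass entry directly above it uses "Cobalt Strike BOF". Use "Cobalt Strike BOF" in the new line so the two adjacent entries match and a text search for the product name finds both. The parenthetical "(HellsGate|HalosGate)" also contains a literal "|"; if this row is rendered through a Markdown pipe table that character would split the cell, so "HellsGate/HalosGate" or an escaped pipe is safer.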