#threat-intelligence 1 post tagged threat-intelligence. ETW: How Windows 2000's Performance Hack Became the EDR Substrate May 10, 2026 Event Tracing for Windows is the kernel-buffered observability bus every modern Windows EDR consumes. This is the architecture, the attacks, and the one provider that survives them.