Process injection is a very common technique used by threat actors as well as Red Teams. Nowadays, EDR vendors detect this technique very accurately, increasingly via kernel-side telemetry such as ETW Threat Intelligence (ETWti), which cannot easily be bypassed from userland. This blog post will show a novel way to avoid detections for process injection triggered by ETWti from the kernel.