# Detection Experiments

- [Detecting Parent Process Spoofing using KrabsETW](/detection-experiments/detecting-parent-process-spoofing-using-krabsetw.md): This blog post covers how to build a simple PoC program that will use the KrabsETW library to subscribe to an ETW provider in order to detect parent process spoofing.
- [Chainsaw Tool - Search and Hunt Through Event Logs](/detection-experiments/chainsaw-tool-search-and-hunt-through-event-logs.md): A few months ago I wrote a tool in my day job that helps analysts to search and hunt through Windows Event Logs. The relevant blog post and tool links are below.
- [Hunting for C3 Activity](/detection-experiments/hunting-for-c3-activity.md)