What Sysmon event does APC injection bypass and how?
APC injection bypasses Sysmon's Event ID 8, which logs `CreateRemoteThread` calls. Instead of using `CreateRemoteThread`, the technique relies on `QueueUserAPC` to insert a DLL or shellcode into an existing thread's APC queue. Since Sysmon does not monitor `QueueUserAPC`, no Event ID 8 is generated, effectively evading detection. This method is detailed in DLL Injection via APC - Bypassing Sysmon Monitoring.