27 results found Sort:

google
orbit google
342
4.1k
bsd-2-clause
89
C/C++ Performance Profiler
etw hooking profiler sampling visualizer performance cpu-profiler instrumentation dynamic-instrumentation
Created 2017-09-21
6,736 commits to main branch, last one 2 months ago
lowleveldesign
wtrace lowleveldesign
54
663
mit
38
Command line tracing tool for Windows, based on ETW.
etw trace strace profiling diagnostics
Created 2016-09-06
111 commits to master branch, last one 5 months ago
microsoft
krabsetw microsoft
146
575
other
39
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
etw krabs wrapper nuget-packages
Created 2016-10-24
157 commits to master branch, last one a day ago
airbus-cert
Winshark airbus-cert
57
521
apache-2.0
28
A wireshark plugin to instrument ETW
etw pcap wireshark
Created 2020-05-29
23 commits to master branch, last one 2 years ago
wecooperate
iMonitorSDK wecooperate
79
334
unknown
10
系统监控开发套件(sysmon、procmon、edr、终端安全、主机安全、零信任、上网行为管理、沙箱)
edr etw kernel sysmon procmon defender security zero-trust access-control monitoring-tool endpoint-security
Created 2021-09-25
96 commits to master branch, last one 9 days ago
nasbench
EVTX-ETW-Resources nasbench
66
330
mit
16
Event Tracing For Windows (ETW) Resources
etw logging tracing windows detection windows10 windows11 event-tracing-for-windows
Created 2021-08-07
311 commits to main branch, last one about a year ago
lowleveldesign
debug-recipes lowleveldesign
72
325
cc-by-4.0
49
My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.
etw windbg debugging profiling
Created 2014-12-24
436 commits to main branch, last one 16 days ago
DamonMohammadbagher
ETWProcessMon2 DamonMohammadbagher
67
283
unknown
10
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
etw blueteam imageloads memory-scanner thread-monitor memory-scanning tcpip-monitoring payload-detection processmonitoring realtime-monitoring technique-detection detection-etw-events meterpreter-detection cobaltstrike-detection threat-hunting-via-etw remote-thread-injection threat-hunting-via-sysmon malicious-traffic-detection memory-scanner-by-etw-events virtualmemallocation-detection
Created 2021-07-08
1,247 commits to main branch, last one 3 months ago
fireeye
pywintrace fireeye
59
263
apache-2.0
21
ETW Python Library
etw windows
Created 2017-09-08
67 commits to master branch, last one about a year ago
nettitude
ETWHash nettitude
29
247
unknown
6
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
etw redteam redteam-tools
Created 2023-04-26
2 commits to main branch, last one about a year ago
DamonMohammadbagher
Meterpreter_Payload_Detection DamonMohammadbagher
64
159
unknown
13
Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
etw mpd signature meterpreter etwmonthread thread-injection meterpreter-detection meterpreter-signature etw-monitoring-threads thread-injection-detection meterpreter-payload-detection
Created 2016-12-03
100 commits to master branch, last one 2 years ago
lahell
PSDiscoveryProtocol lahell
27
155
mit
6
Capture and parse CDP and LLDP packets on local or remote computers
cdp etw lldp cisco parse packet capture powershell
Created 2019-04-30
79 commits to master branch, last one about a year ago
okieselbach
SyncMLViewer okieselbach
18
129
mit
20
A small real time SyncML protocol Viewer
etw mdm syncml omadmclient windows-desktop
Created 2019-10-02
248 commits to master branch, last one 7 days ago
huoji120
MakeInfinityHookGreatAgain huoji120
41
119
unknown
7
让Etwhook再次伟大! Make InfinityHook Great Again!
etw hook
Created 2021-06-23
6 commits to main branch, last one 2 years ago
ScriptIdiot
BOF-patchit ScriptIdiot
19
115
apache-2.0
1
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.
bof cna etw amsi syscall cobalt-strike
Created 2022-08-15
20 commits to main branch, last one about a year ago
Siemens-Healthineers
ETWAnalyzer Siemens-Healthineers
10
99
mit
7
Command line tool to analyze one/many ETW file/s with simple queries for common issues.
etw traceprocessing
Created 2022-03-16
687 commits to main branch, last one 2 days ago
microsoft
ETW2JSON microsoft
19
86
mit
18
Tool and library to convert ETW logs to JSON files
etl etw json eventsource
Created 2015-08-03
24 commits to master branch, last one about a year ago
ScriptIdiot
sleepmask_PatchlessHook ScriptIdiot
8
77
unknown
2
Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
etw amsi hwbp sleepmask cobaltstrike
Created 2023-03-15
7 commits to main branch, last one about a year ago
Hagrid29
RemotePatcher Hagrid29
10
73
unknown
3
Patch AMSI and ETW in remote process via direct syscall
etw amsi patch syscall
Created 2022-02-18
3 commits to main branch, last one 2 years ago
Donpedro13
etwprof Donpedro13
14
66
mit
7
Sampling profiler for native applications on Windows, based on ETW
etw profiler
Created 2018-06-10
102 commits to master branch, last one about a month ago
nsacyber
PRUNE nsacyber
14
62
other
11
Logs key Windows process performance metrics. #nsacyber
etw process windows performance performance-metrics
This repository has been archived (exclude archived)
Created 2019-05-16
37 commits to master branch, last one 3 years ago
ProcessusT
UnhookingDLL ProcessusT
9
61
unknown
3
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
edr etw bypass shellcode dll-unhooking process-hollowing
Created 2023-02-20
9 commits to main branch, last one 4 months ago
bi-zone
etw bi-zone
19
58
mit
7
Go library for ETW (Event Tracing for Windows) events processing
go etw golang event-tracing-for-windows
Created 2020-05-12
57 commits to master branch, last one 3 years ago
n4r1b
ferrisetw n4r1b
19
56
other
11
Basically a KrabsETW rip-off written in Rust
etw rust tracing windows microsoft
Created 2021-04-26
196 commits to master branch, last one 16 days ago
airbus-cert
etwbreaker airbus-cert
20
52
apache-2.0
10
An IDA plugin to deal with Event Tracing for Windows (ETW)
etw ida
Created 2020-05-29
6 commits to master branch, last one about a year ago
DamonMohammadbagher
ETWNetMonv3 DamonMohammadbagher
13
37
unknown
3
ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection &...
etw tcpv4 tcpview blueteam blue-team defensive detection csharp-code meterpreter defensivetool networkmonitor threat-hunting etw-monitoring-threads
Created 2021-05-29
92 commits to main branch, last one 2 years ago
whokilleddb
ETWListicle whokilleddb
4
25
unknown
2
List the ETW provider(s) in the registration table of a process.
etw etweventregister etwpregistrationtable etwpinsertregistration etwnotificationregister
Created 2023-08-31
3 commits to main branch, last one 9 months ago