33 results found Sort:

google
orbit google
349
4.2k
bsd-2-clause
87
C/C++ Performance Profiler
etw hooking profiler sampling visualizer performance cpu-profiler instrumentation dynamic-instrumentation
Created 2017-09-21
6,737 commits to main branch, last one 25 days ago
rabbitstack
fibratus rabbitstack
194
2.2k
other
70
Adversary tradecraft detection, protection, and hunting
edr etw golang python windows blueteam security adversary windows-kernel instrumentation
Created 2016-03-25
1,039 commits to master branch, last one a day ago
xoofx
ultra xoofx
9
917
bsd-2-clause
7
An advanced profiler for .NET Applications on Windows
etw dotnet profiler
Created 2024-11-18
32 commits to main branch, last one 20 days ago
lowleveldesign
wtrace lowleveldesign
53
672
mit
38
Command line tracing tool for Windows, based on ETW.
etw trace strace profiling diagnostics
Created 2016-09-06
111 commits to master branch, last one 11 months ago
microsoft
krabsetw microsoft
154
614
other
40
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
etw krabs wrapper nuget-packages
Created 2016-10-24
171 commits to master branch, last one about a month ago
airbus-cert
Winshark airbus-cert
59
538
apache-2.0
28
A wireshark plugin to instrument ETW
etw pcap wireshark
Created 2020-05-29
23 commits to master branch, last one 2 years ago
nasbench
EVTX-ETW-Resources nasbench
70
361
mit
16
Event Tracing For Windows (ETW) Resources
etw logging tracing windows detection windows10 windows11 event-tracing-for-windows
Created 2021-08-07
315 commits to main branch, last one 2 months ago
wecooperate
iMonitorSDK wecooperate
81
345
unknown
11
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
edr etw kernel sysmon procmon defender security zero-trust access-control monitoring-tool endpoint-security
Created 2021-09-25
2 commits to master branch, last one about a month ago
lowleveldesign
debug-recipes lowleveldesign
72
330
cc-by-4.0
48
My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.
etw windbg debugging profiling
Created 2014-12-24
442 commits to main branch, last one 2 days ago
DamonMohammadbagher
ETWProcessMon2 DamonMohammadbagher
69
295
unknown
10
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
etw blueteam imageloads memory-scanner thread-monitor memory-scanning tcpip-monitoring payload-detection processmonitoring realtime-monitoring technique-detection detection-etw-events meterpreter-detection cobaltstrike-detection threat-hunting-via-etw remote-thread-injection threat-hunting-via-sysmon malicious-traffic-detection memory-scanner-by-etw-events virtualmemallocation-detection
Created 2021-07-08
1,247 commits to main branch, last one 9 months ago
fireeye
pywintrace fireeye
58
272
apache-2.0
21
ETW Python Library
etw windows
Created 2017-09-08
67 commits to master branch, last one about a year ago
nettitude
ETWHash nettitude
29
251
unknown
6
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
etw redteam redteam-tools
Created 2023-04-26
2 commits to main branch, last one about a year ago
H4NM
WhoYouCalling H4NM
12
217
mit
3
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
etw game-hacking dynamic-analysis malware-analysis malware-research network-analysis full-packet-capture windows-event-tracing
Created 2024-08-04
107 commits to main branch, last one 14 days ago
lahell
PSDiscoveryProtocol lahell
28
166
mit
6
Capture and parse CDP and LLDP packets on local or remote computers
cdp etw lldp cisco parse packet capture powershell
Created 2019-04-30
79 commits to master branch, last one about a year ago
DamonMohammadbagher
Meterpreter_Payload_Detection DamonMohammadbagher
64
160
unknown
13
Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
etw mpd signature meterpreter etwmonthread thread-injection meterpreter-detection meterpreter-signature etw-monitoring-threads thread-injection-detection meterpreter-payload-detection
Created 2016-12-03
100 commits to master branch, last one 3 years ago
okieselbach
SyncMLViewer okieselbach
23
154
mit
21
A small real time SyncML protocol Viewer
etw mdm syncml omadmclient windows-desktop
Created 2019-10-02
268 commits to master branch, last one 5 days ago
huoji120
MakeInfinityHookGreatAgain huoji120
40
126
unknown
8
让Etwhook再次伟大! Make InfinityHook Great Again!
etw hook
Created 2021-06-23
6 commits to main branch, last one 3 years ago
ScriptIdiot
BOF-patchit ScriptIdiot
18
120
apache-2.0
1
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.
bof cna etw amsi syscall cobalt-strike
Created 2022-08-15
20 commits to main branch, last one 2 years ago
Siemens-Healthineers
ETWAnalyzer Siemens-Healthineers
11
106
mit
7
Command line tool to analyze one/many ETW file/s with simple queries for common issues.
etw traceprocessing
Created 2022-03-16
699 commits to main branch, last one 18 days ago
microsoft
ETW2JSON microsoft
20
87
mit
18
Tool and library to convert ETW logs to JSON files
etl etw json eventsource
Created 2015-08-03
24 commits to master branch, last one 2 years ago
EvilBytecode
Lifetime-Amsi-EtwPatch EvilBytecode
14
82
unknown
1
Two in one, patch lifetime powershell console, no more etw and amsi!
etw fud amsi amsi-patch etw-bypass pentesting amsi-bypass etw-evasion red-teaming amsi-evasion
Created 2024-06-22
6 commits to main branch, last one 5 months ago
ScriptIdiot
sleepmask_PatchlessHook ScriptIdiot
8
80
unknown
2
Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
etw amsi hwbp sleepmask cobaltstrike
Created 2023-03-15
7 commits to main branch, last one about a year ago
Hagrid29
RemotePatcher Hagrid29
10
78
unknown
3
Patch AMSI and ETW in remote process via direct syscall
etw amsi patch syscall
Created 2022-02-18
3 commits to main branch, last one 2 years ago
Donpedro13
etwprof Donpedro13
15
69
mit
7
Sampling profiler for native applications on Windows, based on ETW
etw profiler
Created 2018-06-10
102 commits to master branch, last one 7 months ago
ProcessusT
UnhookingDLL ProcessusT
11
68
unknown
3
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
edr etw bypass shellcode dll-unhooking process-hollowing
Created 2023-02-20
9 commits to main branch, last one 10 months ago
nsacyber
PRUNE nsacyber
14
66
other
11
Logs key Windows process performance metrics. #nsacyber
etw process windows performance performance-metrics
This repository has been archived (exclude archived)
Created 2019-05-16
37 commits to master branch, last one 3 years ago
n4r1b
ferrisetw n4r1b
24
65
other
11
Basically a KrabsETW rip-off written in Rust
etw rust tracing windows microsoft
Created 2021-04-26
198 commits to master branch, last one 5 months ago
bi-zone
etw bi-zone
20
61
mit
7
Go library for ETW (Event Tracing for Windows) events processing
go etw golang event-tracing-for-windows
Created 2020-05-12
57 commits to master branch, last one 3 years ago
whokilleddb
ETWListicle whokilleddb
6
52
unknown
2
List the ETW provider(s) in the registration table of a process.
etw etweventregister etwpregistrationtable etwpinsertregistration etwnotificationregister
Created 2023-08-31
3 commits to main branch, last one about a year ago
airbus-cert
etwbreaker airbus-cert
16
50
apache-2.0
10
An IDA plugin to deal with Event Tracing for Windows (ETW)
etw ida
Created 2020-05-29
6 commits to master branch, last one 2 years ago