32 results found Sort:

google
orbit google
347
4.2k
bsd-2-clause
87
C/C++ Performance Profiler
etw hooking profiler sampling visualizer performance cpu-profiler instrumentation dynamic-instrumentation
Created 2017-09-21
6,736 commits to main branch, last one 6 months ago
rabbitstack
fibratus rabbitstack
190
2.2k
other
70
Adversary tradecraft detection, protection, and hunting
edr etw golang python windows blueteam security adversary windows-kernel instrumentation
Created 2016-03-25
999 commits to master branch, last one 4 days ago
lowleveldesign
wtrace lowleveldesign
53
668
mit
38
Command line tracing tool for Windows, based on ETW.
etw trace strace profiling diagnostics
Created 2016-09-06
111 commits to master branch, last one 9 months ago
microsoft
krabsetw microsoft
149
605
other
40
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
etw krabs wrapper nuget-packages
Created 2016-10-24
165 commits to master branch, last one about a month ago
airbus-cert
Winshark airbus-cert
59
532
apache-2.0
28
A wireshark plugin to instrument ETW
etw pcap wireshark
Created 2020-05-29
23 commits to master branch, last one 2 years ago
nasbench
EVTX-ETW-Resources nasbench
68
347
mit
16
Event Tracing For Windows (ETW) Resources
etw logging tracing windows detection windows10 windows11 event-tracing-for-windows
Created 2021-08-07
315 commits to main branch, last one about a month ago
wecooperate
iMonitorSDK wecooperate
80
343
unknown
11
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
edr etw kernel sysmon procmon defender security zero-trust access-control monitoring-tool endpoint-security
Created 2021-09-25
2 commits to master branch, last one 9 days ago
lowleveldesign
debug-recipes lowleveldesign
72
330
cc-by-4.0
48
My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.
etw windbg debugging profiling
Created 2014-12-24
438 commits to main branch, last one 18 days ago
DamonMohammadbagher
ETWProcessMon2 DamonMohammadbagher
66
291
unknown
10
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
etw blueteam imageloads memory-scanner thread-monitor memory-scanning tcpip-monitoring payload-detection processmonitoring realtime-monitoring technique-detection detection-etw-events meterpreter-detection cobaltstrike-detection threat-hunting-via-etw remote-thread-injection threat-hunting-via-sysmon malicious-traffic-detection memory-scanner-by-etw-events virtualmemallocation-detection
Created 2021-07-08
1,247 commits to main branch, last one 7 months ago
fireeye
pywintrace fireeye
59
267
apache-2.0
21
ETW Python Library
etw windows
Created 2017-09-08
67 commits to master branch, last one about a year ago
nettitude
ETWHash nettitude
29
250
unknown
6
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
etw redteam redteam-tools
Created 2023-04-26
2 commits to main branch, last one about a year ago
H4NM
WhoYouCalling H4NM
11
211
mit
3
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
etw game-hacking dynamic-analysis malware-analysis malware-research network-analysis full-packet-capture windows-event-tracing
Created 2024-08-04
93 commits to main branch, last one 17 days ago
lahell
PSDiscoveryProtocol lahell
28
164
mit
6
Capture and parse CDP and LLDP packets on local or remote computers
cdp etw lldp cisco parse packet capture powershell
Created 2019-04-30
79 commits to master branch, last one about a year ago
DamonMohammadbagher
Meterpreter_Payload_Detection DamonMohammadbagher
64
160
unknown
13
Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
etw mpd signature meterpreter etwmonthread thread-injection meterpreter-detection meterpreter-signature etw-monitoring-threads thread-injection-detection meterpreter-payload-detection
Created 2016-12-03
100 commits to master branch, last one 3 years ago
okieselbach
SyncMLViewer okieselbach
20
147
mit
21
A small real time SyncML protocol Viewer
etw mdm syncml omadmclient windows-desktop
Created 2019-10-02
250 commits to master branch, last one 29 days ago
huoji120
MakeInfinityHookGreatAgain huoji120
40
123
unknown
8
让Etwhook再次伟大! Make InfinityHook Great Again!
etw hook
Created 2021-06-23
6 commits to main branch, last one 3 years ago
ScriptIdiot
BOF-patchit ScriptIdiot
18
119
apache-2.0
1
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.
bof cna etw amsi syscall cobalt-strike
Created 2022-08-15
20 commits to main branch, last one 2 years ago
Siemens-Healthineers
ETWAnalyzer Siemens-Healthineers
11
106
mit
7
Command line tool to analyze one/many ETW file/s with simple queries for common issues.
etw traceprocessing
Created 2022-03-16
696 commits to main branch, last one about a month ago
microsoft
ETW2JSON microsoft
20
86
mit
18
Tool and library to convert ETW logs to JSON files
etl etw json eventsource
Created 2015-08-03
24 commits to master branch, last one 2 years ago
EvilBytecode
Lifetime-Amsi-EtwPatch EvilBytecode
11
80
unknown
1
Two in one, patch lifetime powershell console, no more etw and amsi!
etw fud amsi amsi-patch etw-bypass pentesting amsi-bypass etw-evasion red-teaming amsi-evasion
Created 2024-06-22
6 commits to main branch, last one 4 months ago
ScriptIdiot
sleepmask_PatchlessHook ScriptIdiot
8
78
unknown
2
Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
etw amsi hwbp sleepmask cobaltstrike
Created 2023-03-15
7 commits to main branch, last one about a year ago
Hagrid29
RemotePatcher Hagrid29
10
77
unknown
3
Patch AMSI and ETW in remote process via direct syscall
etw amsi patch syscall
Created 2022-02-18
3 commits to main branch, last one 2 years ago
Donpedro13
etwprof Donpedro13
15
68
mit
7
Sampling profiler for native applications on Windows, based on ETW
etw profiler
Created 2018-06-10
102 commits to master branch, last one 6 months ago
ProcessusT
UnhookingDLL ProcessusT
11
67
unknown
3
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
edr etw bypass shellcode dll-unhooking process-hollowing
Created 2023-02-20
9 commits to main branch, last one 8 months ago
n4r1b
ferrisetw n4r1b
24
65
other
11
Basically a KrabsETW rip-off written in Rust
etw rust tracing windows microsoft
Created 2021-04-26
198 commits to master branch, last one 4 months ago
nsacyber
PRUNE nsacyber
14
64
other
11
Logs key Windows process performance metrics. #nsacyber
etw process windows performance performance-metrics
This repository has been archived (exclude archived)
Created 2019-05-16
37 commits to master branch, last one 3 years ago
bi-zone
etw bi-zone
20
59
mit
7
Go library for ETW (Event Tracing for Windows) events processing
go etw golang event-tracing-for-windows
Created 2020-05-12
57 commits to master branch, last one 3 years ago
whokilleddb
ETWListicle whokilleddb
6
51
unknown
2
List the ETW provider(s) in the registration table of a process.
etw etweventregister etwpregistrationtable etwpinsertregistration etwnotificationregister
Created 2023-08-31
3 commits to main branch, last one about a year ago
airbus-cert
etwbreaker airbus-cert
16
50
apache-2.0
10
An IDA plugin to deal with Event Tracing for Windows (ETW)
etw ida
Created 2020-05-29
6 commits to master branch, last one 2 years ago
microsoft
tracelogging microsoft
23
45
other
8
TraceLogging events and tracing
etw lttng windows tracelogging traceloggingdynamic traceloggingprovider
Created 2019-04-30
69 commits to main branch, last one 2 months ago