Idov31/EtwLeakKernel external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Idov31/EtwLeakKernel

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Idov31/EtwLeakKernel)

Close

Idov31 / EtwLeakKernelView on GitHubMore

• External links
• Readme badge

Leaking kernel addresses from ETW consumers. Requires Administrator privileges.

☆91Nov 6, 2025Updated 4 months ago

Alternatives and similar repositories for EtwLeakKernel

Users that are interested in EtwLeakKernel are comparing it to the libraries listed below

• amroes / FlexSheller

  View on GitHub
  ☆12Feb 4, 2025Updated last year
• EvilBytecode / Ebyte-Syscalls

  View on GitHub
  Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…
  ☆116Oct 30, 2025Updated 4 months ago
• leftp / RegPersist

  View on GitHub
  a BOF implementation of various registry persistence methods
  ☆94Nov 11, 2025Updated 3 months ago
• r0keb / Windows-Kernel-Shellcode

  View on GitHub
  Three different shellcode techniques on the Windows Kernel
  ☆15Apr 8, 2025Updated 10 months ago
• rbmm / remap

  View on GitHub
  break link between dll and it file on disk
  ☆12Sep 2, 2024Updated last year
• ricardojoserf / BOF_Files

  View on GitHub
  Repository to gather the BOF files I will be developing
  ☆11Oct 1, 2024Updated last year
• mallo-m / AxiomSecrets

  View on GitHub
  Dump protected files (SAM,SYSTEM,SECURITY) by parsing the raw NTFS partition
  ☆36Nov 11, 2025Updated 3 months ago
• dexterm300 / CVE-2025-62215-exploit-poc

  View on GitHub
  CVE-2025-62215 is an Elevation of Privilege (EoP) vulnerability in the Windows Kernel, disclosed in November 2025 and confirmed to be act…
  ☆29Nov 14, 2025Updated 3 months ago
• KickedDroid / loadstar

  View on GitHub
  A different approach to writing BOFs in rust.
  ☆19Aug 20, 2025Updated 6 months ago
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆152Nov 23, 2025Updated 3 months ago
• jonny-jhnson / MSFT_DriverBlockList

  View on GitHub
  Repository of Microsoft Driver Block Lists based off of OS-builds
  ☆43Apr 14, 2024Updated last year
• john0312 / hitcon-pcb-badge

  View on GitHub
  ☆46Sep 22, 2025Updated 5 months ago
• L4ys / LazyCross

  View on GitHub
  An IDA Pro plugin that display cross-references to functions or variables across the entire binary in Hex-Rays pseudocode
  ☆128Jan 31, 2026Updated last month
• Karkas66 / EarlyCascadeImprooved

  View on GitHub
  an Improoved Version of 0xNinjaCyclone´s EarlyCascade Code
  ☆22Feb 20, 2025Updated last year
• 0xJs / BYOVD_read_write_primitive

  View on GitHub
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆211Aug 21, 2025Updated 6 months ago
• strozfriedberg / EDRSilencer-BOF

  View on GitHub
  Port of the EDRSilencer tool (https://github.com/netero1010/EDRSilencer) to BOF format
  ☆33Oct 22, 2024Updated last year
• backengineering / pdbgen2

  View on GitHub
  Generate a PDB file given the old PDB file and an address mapping
  ☆52Aug 3, 2025Updated 7 months ago
• GetRektBoy724 / Win32kHooker

  View on GitHub
  .data ptr swapper for newer win32k versions. (Supports Windows 11)
  ☆37Jan 19, 2026Updated last month
• yardenshafir / IoRing_Demos

  View on GitHub
  A repository for I/O ring demos, use cases and performance testing on Windows
  ☆59Aug 2, 2022Updated 3 years ago
• xforcered / Agent-Development-Stack

  View on GitHub
  Backend development stack for agents
  ☆29Jul 30, 2025Updated 7 months ago
• ZehMatt / x86Tester

  View on GitHub
  x86-64 Automated test data generator
  ☆26Aug 18, 2025Updated 6 months ago
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆49Nov 2, 2025Updated 4 months ago
• zeze-zeze / ioctlance

  View on GitHub
  A tool that is used to hunt vulnerabilities in x64 WDM drivers
  ☆441Dec 7, 2025Updated 3 months ago
• ShallowFeather / ReadWriteDriver

  View on GitHub
  Read Write Memory without attach
  ☆91Aug 18, 2024Updated last year
• M1ndo / WerDump

  View on GitHub
  A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
  ☆167Sep 22, 2025Updated 5 months ago
• Fatmike-GH / JitDecrypter

  View on GitHub
  A Just-In-Time Decrypter for Windows executables (x86 and x64) that performs real-time, instruction-level decryption of encrypted code se…
  ☆50Nov 3, 2025Updated 4 months ago
• whokilleddb / funcshenanigans

  View on GitHub
  A bunch of shenanigans using functions, VEH and more
  ☆37Jun 8, 2025Updated 8 months ago
• ucsb-seclab / popkorn-artifact

  View on GitHub
  ☆90Aug 16, 2025Updated 6 months ago
• asgarciap / etw-dns

  View on GitHub
  A simple example application to collect DNS queries logs using etw-api
  ☆27May 11, 2020Updated 5 years ago
• Live-CTF / LiveCTF-DEFCON32

  View on GitHub
  LiveCTF challenges and infrastructure at DEFCON 32 CTF
  ☆21Aug 18, 2025Updated 6 months ago
• hugsy / modern-cpp-windows-driver-template

  View on GitHub
  Windows driver template, using C++20 & cmake & GithubActions
  ☆25Aug 9, 2024Updated last year
• DownWithUp / WarbirdExamples

  View on GitHub
  An example of how to use Microsoft Windows Warbird technology
  ☆97Apr 23, 2023Updated 2 years ago
• CaledoniaProject / drivers-binaries

  View on GitHub
  Exploitable drivers, you know what I mean
  ☆152Nov 16, 2025Updated 3 months ago
• phoen1xxxx / V8sandbox_bypass

  View on GitHub
  V8sandbox_bypass using stack misalignment
  ☆23Aug 25, 2024Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• souzomain / Packer

  View on GitHub
  Packer is a compact, fast and crosss-platform serialization library for store data in a buffer
  ☆22Aug 5, 2023Updated 2 years ago
• pard0p / PICO-Implant

  View on GitHub
  PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec…
  ☆43Nov 9, 2025Updated 3 months ago
• mhaskar / FsquirtCPLPoC

  View on GitHub
  PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
  ☆121Jan 4, 2026Updated 2 months ago
• FuzzySecurity / afl-frida-build

  View on GitHub
  Ansible build for Afl++ Frida-Mode
  ☆25Jun 8, 2024Updated last year