KiExitDispatcher/Ebyte-ETW-Redirector external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

KiExitDispatcher/Ebyte-ETW-Redirector

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/KiExitDispatcher/Ebyte-ETW-Redirector)

Close

KiExitDispatcher / Ebyte-ETW-RedirectorView on GitHubMore

• External links
• Readme badge

A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to custom proxy.

☆45Jun 1, 2025Updated 9 months ago

Alternatives and similar repositories for Ebyte-ETW-Redirector

Users that are interested in Ebyte-ETW-Redirector are comparing it to the libraries listed below

• KiExitDispatcher / EvilByte-Remote-AMSI-Bypass

  View on GitHub
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆55May 12, 2025Updated 10 months ago
• KiExitDispatcher / PhantomDelay

  View on GitHub
  PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …
  ☆19May 8, 2025Updated 10 months ago
• EvilBytecode / EByte-Pattern-AmsiPatch

  View on GitHub
  Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne…
  ☆28May 13, 2025Updated 10 months ago
• KiExitDispatcher / Ebyte-AMSI-ProxyInjector

  View on GitHub
  A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…
  ☆64May 16, 2025Updated 10 months ago
• woldann / NThread

  View on GitHub
  Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…
  ☆59Oct 10, 2025Updated 5 months ago
• KiExitDispatcher / TaskMgr-Troll

  View on GitHub
  Troll TaskManager, and play with it .
  ☆30Aug 3, 2025Updated 7 months ago
• KiExitDispatcher / Lifetime-Amsi-EtwPatch

  View on GitHub
  Two in one, patch lifetime powershell console, no more etw and amsi!
  ☆103Apr 27, 2025Updated 10 months ago
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 7 months ago
• EvilBytecode / Nyx-Full-Dll-Unhook

  View on GitHub
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆51May 22, 2025Updated 9 months ago
• dis0rder0x00 / obex

  View on GitHub
  Obex – Blocking unwanted DLLs in user mode
  ☆282Sep 18, 2025Updated 6 months ago
• SaadAhla / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆13Jul 15, 2023Updated 2 years ago
• KiExitDispatcher / Evilbytecode-Shellcode-Go-Tactics

  View on GitHub
  A mutliple tactics to execute shellcode in go :}
  ☆24Apr 21, 2025Updated 10 months ago
• andreisss / Remote-DLL-Injection-with-Timer-based-Shellcode-Execution

  View on GitHub
  Remote DLL Injection with Timer-based Shellcode Execution
  ☆154Jul 18, 2025Updated 8 months ago
• Teach2Breach / nt_unhooker

  View on GitHub
  demo unhooking functions in ntdll
  ☆28Jul 15, 2025Updated 8 months ago
• 5tuk0v / PointyTokenz

  View on GitHub
  Windows Access token manipulation tool made in C#
  ☆24Aug 24, 2025Updated 6 months ago
• maxDcb / DreamWalkers

  View on GitHub
  Reflective shellcode loaderwith advanced call stack spoofing and .NET support.
  ☆228Sep 19, 2025Updated 6 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆117Jan 20, 2025Updated last year
• ricardojoserf / SharpObfuscate

  View on GitHub
  Obfuscate payloads using IPv4, IPv6, MAC or UUID strings
  ☆23Feb 17, 2024Updated 2 years ago
• nefarius / DLLSpy

  View on GitHub
  DLL Hijacking Detection Tool
  ☆15Jun 21, 2025Updated 9 months ago
• YOLOP0wn / yolo-mssqlclient

  View on GitHub
  custom impacket mssqlclient
  ☆26Sep 16, 2023Updated 2 years ago
• KiExitDispatcher / Amsi-Patch-Updated-2025

  View on GitHub
  How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
  ☆26Apr 21, 2025Updated 10 months ago
• RWXstoned / LdrShuffle

  View on GitHub
  Code execution/injection technique using DLL PEB module structure manipulation
  ☆224Jun 4, 2025Updated 9 months ago
• Print3M / ByteCaster

  View on GitHub
  Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supporte…
  ☆212Mar 7, 2026Updated last week
• h41th / Simple-Crystal-Palace-RDLL-template-for-Adaptix

  View on GitHub
  ☆37Feb 12, 2026Updated last month
• cybersectroll / TrollAMSIdotnet

  View on GitHub
  ☆16Jun 15, 2025Updated 9 months ago
• gglessner / hack3270

  View on GitHub
  hack3270 is a python3 based tool to manipulate tn3270 data streams, specifically to perform application penetration testing of mainframe …
  ☆24Feb 21, 2026Updated 3 weeks ago
• Synarcs / DNSObelisk

  View on GitHub
  Advanced kernel-native security framework to disrupt and prevent DNS-based breaches including C2 channels and tunneling with zero data lo…
  ☆32Aug 30, 2025Updated 6 months ago
• 0xsch1zo / NullGate

  View on GitHub
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆166Jul 30, 2025Updated 7 months ago
• Mr-Un1k0d3r / DotnetNoVirtualProtectShellcodeLoader

  View on GitHub
  load shellcode without P/D Invoke and VirtualProtect call.
  ☆169Sep 2, 2025Updated 6 months ago
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆283Apr 6, 2025Updated 11 months ago
• NoahKirchner / jopcall

  View on GitHub
  Dynamic Indirect Syscalls via JOP/ROP in Pure no_std, no_alloc, no dependency Rust
  ☆43Aug 6, 2025Updated 7 months ago
• moiz-2x / CVE-2025-21420_POC

  View on GitHub
  Proof of Concept CVE-2025-21420 (Windows Disk Cleanup Tool EoP)
  ☆56Jun 12, 2025Updated 9 months ago
• susMdT / clr-thing

  View on GitHub
  rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.
  ☆17Jan 6, 2024Updated 2 years ago
• KiExitDispatcher / ExitPatcher

  View on GitHub
  Prevent in-process process termination by patching exit APIs
  ☆65Nov 9, 2025Updated 4 months ago
• jdu2600 / Etw-SyscallMonitor

  View on GitHub
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆89May 17, 2023Updated 2 years ago
• aitorfirm / BlackIris

  View on GitHub
  Thats it! An Open-Source Windows UEFI Rootkit
  ☆29Jul 19, 2025Updated 8 months ago
• moiz-2x / CVE-2025-24990_POC

  View on GitHub
  Proof of Concept CVE-2025-24990 (Agere Systems's driver)
  ☆54Oct 31, 2025Updated 4 months ago
• toneemarqus / Shadow-Command-C2-Framework

  View on GitHub
  ☆37Aug 6, 2025Updated 7 months ago
• mochabyte0x / TrampoLatte

  View on GitHub
  A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
  ☆18Jun 26, 2025Updated 8 months ago