Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆124, Dec 8, 2022, updated 3 years ago
Alternatives and similar repositories for ETWMonitor
Users that are interested in ETWMonitor are comparing it to the libraries listed below
- (☆118, Aug 7, 2022, updated 3 years ago)
- Enumerate various traits from Windows processes as an aid to threat hunting (☆202, Jan 13, 2022, updated 4 years ago)
- A PoC on blocking Procmon from monitoring network events (☆111, Aug 7, 2025, updated 6 months ago)
- Searching .evtx logs for remote connections (☆24, Jul 6, 2023, updated 2 years ago)
- RPC Monitor based on the ETW Microsoft-Windows-Rpc provider (☆24, Mar 22, 2020, updated 5 years ago)
- (☆35, Nov 16, 2023, updated 2 years ago)
- Small tool to play with IOCs caused by ImageLoad events (☆44, May 14, 2023, updated 2 years ago)
- Asynchronous RDP/VNC client for Python (GUI) (☆75, Jan 1, 2025, updated last year)
- WTSRM (☆216, Aug 7, 2022, updated 3 years ago)
- ETWProcessMon2 is for monitoring Process/Thread/Memory/ImageLoads/TCPIP via ETW + detection for Remote-Thread-Injection & Payload Detecti… (☆319, Mar 20, 2024, updated last year)
- Tools and PoCs for Windows syscall investigation. (☆368, Dec 2, 2025, updated 2 months ago)
- RemClip is a C# project which permits stealing user clipboard data and sending it to a remote web server under attacker control (☆15, Sep 2, 2024, updated last year)
- apkfram was written to help mobile penetration testers identify the framework used to develop an Android application. (☆12, Oct 9, 2024, updated last year)
- Deleting Shadow Copies in pure C++ (☆118, Oct 31, 2022, updated 3 years ago)
- (☆164, Dec 30, 2022, updated 3 years ago)
- Helper script to convert a WinDbg-dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede… (☆26, Aug 11, 2023, updated 2 years ago)
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! (☆249, Jul 9, 2024, updated last year)
- WCRT CMake build (☆11, Mar 26, 2014, updated 11 years ago)
- Cmdlets for capturing Windows Events (☆14, Mar 11, 2022, updated 3 years ago)
- ETW-Almulahaza is a consumer Python-based tool that helps you monitor ETW events of the operating system (☆13, Jun 24, 2022, updated 3 years ago)
- List the ETW provider(s) in the registration table of a process. (☆80, Sep 20, 2023, updated 2 years ago)
- Bypass Detection By Randomising ROR13 API Hashes (☆142, Feb 24, 2022, updated 4 years ago)
- A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80 (☆21, Apr 2, 2025, updated 10 months ago)
- BYOVD collection (☆24, Mar 20, 2024, updated last year)
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft (☆145, May 18, 2024, updated last year)
- PoCs and tools for investigation of Windows process execution techniques (☆952, Feb 2, 2026, updated 3 weeks ago)
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques. (☆501, Jan 10, 2023, updated 3 years ago)
- UAC bypass for x64 Windows 7 - 11 (☆831, Feb 2, 2026, updated 3 weeks ago)
- RPC Monitor tool based on Event Tracing for Windows (☆383, Aug 19, 2024, updated last year)
- Infect Shared Files In Memory for Lateral Movement (☆193, Dec 14, 2022, updated 3 years ago)
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC (☆374, May 24, 2022, updated 3 years ago)
- Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting (☆363, Dec 19, 2022, updated 3 years ago)
- (☆46, Dec 30, 2018, updated 7 years ago)
- PoC on how to prevent a WinDbg break (☆15, Oct 3, 2022, updated 3 years ago)
- Easy XOR string encryption for .NET-based binaries (☆139, Nov 4, 2023, updated 2 years ago)
- Sysmon-like research tool for ETW (☆384, Nov 15, 2022, updated 3 years ago)
- An injector that uses the PT_LOAD technique (☆12, Nov 27, 2022, updated 3 years ago)
- Example of async client/server sockets in .NET 5 (☆17, Jun 9, 2021, updated 4 years ago)
- A string obfuscator for .NET apps, built to evade static string analysis. (☆109, Jan 3, 2023, updated 3 years ago)