Alternatives and similar repositories for EzETW

Users that are interested in EzETW are comparing it to the libraries listed below

• RedSiege / CLM-Base64
  This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode
  ☆27Updated last year
• lkarlslund / azureimposter
  Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token
  ☆26Updated 2 years ago
• vu-ls / applywdac
  ☆23Updated 8 months ago
• skelsec / winacl
  Platform independent library for interfacing windows security descriptors
  ☆21Updated 10 months ago
• threatexpress / threat-mitigation
  Threat Mitigation Strategies
  ☆26Updated 3 months ago
• kacos2000 / Evtx_Log_Browser
  Evtx Log (xml) Browser
  ☆55Updated 2 years ago
• idnahacks / NetCeasePlusPlus
  Takes the original idea of NetCease and adds functionality
  ☆24Updated 3 years ago
• netwrix / LAPS-Permissions-Collection
  Looks up permissions within Active Directory on a target (OU or Computer) to determine access to LAPS attributes (ms-Mcs-AdmPwdExpiration…
  ☆16Updated 2 years ago
• nccgroup / WindowsMemPageDelta
  A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection
  ☆32Updated 5 years ago
• woanware / etw-event-dumper
  ☆33Updated 3 years ago
• commial / LiveDiffAD
  AD Live changes viewer
  ☆36Updated 2 years ago
• DissectMalware / OfficeForensicTools
  A set of tools for collecting forensic information
  ☆27Updated 5 years ago
• SadProcessor / WatchDog
  BloodHound Data Scanner
  ☆45Updated 5 years ago
• MSAdministrator / msi-utils
  A python package that helps with analysis of MSI files
  ☆14Updated 4 years ago
• api0cradle / BGInfo
  ☆15Updated 7 years ago
• Xenov-X / PoSH_Teams_Message_Thief
  Quick and dirty PoSH code to read teams messages
  ☆22Updated 9 months ago
• gtworek / SysvolExplorer
  Active Directory Group Policy analyzer
  ☆18Updated 6 years ago
• LaresLLC / AzureTokenExtractor
  Extracts Azure authentication tokens from PowerShell process minidumps.
  ☆22Updated 2 years ago
• kacos2000 / Jumplist-Browser
  Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
  ☆39Updated last year
• Tadas / PSNamedPipes
  Asynchronous named pipe module for PowerShell
  ☆21Updated 9 years ago
• jakehildreth / adcs-snippets
  Just a bunch of code snippets to identify and remediate common Active Directory Certificate Services issues.
  ☆34Updated last year
• QueenSquishy / Zombie
  General Content
  ☆26Updated last week
• hotnops / COM_Mapper
  A tool to create COM class/interface relationships in neo4j
  ☆50Updated 3 years ago
• nccgroup / UninstalledAppCanary
  A Canary which fires when uninstalled
  ☆34Updated 4 years ago
• danielbohannon / DevSec-Defense
  Accompanying PowerShell Modules for DevSec Defense Presentation
  ☆30Updated 7 years ago
• ConstantinT / Lantern
  ☆23Updated 4 years ago
• RomaissaAdjailia / Get-AppLockerEventlog
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆31Updated 3 years ago
• Apr4h / GetInjectedThreads
  C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
  ☆54Updated 4 years ago
• airbus-cert / PSTrace
  Trace ScriptBlock execution for powershell v2
  ☆40Updated 5 years ago
• jonny-jhnson / LDAPMon
  ☆45Updated 2 years ago