User-mode ETW interception and telemetry manipulation lab for Windows security research.
☆42Jun 15, 2026Updated 3 weeks ago
Alternatives and similar repositories for ETWPrism
Users that are interested in ETWPrism are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Windows native ETW inspection suite for browsing providers, reading metadata, consuming live events, recording ETL traces, filtering resu…☆86Jun 27, 2026Updated 2 weeks ago
- A compiled language for Windows position-independent x86-64 shellcode and Beacon Object Files.☆170Jun 28, 2026Updated 2 weeks ago
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- Busybox-style Beacon Object Files for *nix post-exploitation. Reimplements common Unix utilities as BOFs for use in stripped environments…☆81Jul 5, 2026Updated last week
- This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made …☆62Jun 15, 2026Updated 3 weeks ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated last week
- Async BOF that monitors USB device connect/disconnect events, reports device information and performs actions on connected USB storage vo…☆56Jun 17, 2026Updated 3 weeks ago
- Cobalt Strike BOF to obtain location data☆26Jul 4, 2026Updated last week
- Proof of concept to detect module stomping detection by looking for modified .pdata sections.☆39Jun 11, 2026Updated last month
- LLVM based devirtualizer for the binaryshield software protector.☆81May 7, 2026Updated 2 months ago
- ☆24Updated this week
- Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advance…☆113Jun 30, 2026Updated 2 weeks ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities☆62Mar 1, 2026Updated 4 months ago
- Stack spoofing Detection for CET processes by comparing shadow and user stacks.☆36May 22, 2026Updated last month
- A specialized version of iced-x86 for binary lifting☆24Jun 25, 2026Updated 2 weeks ago
- Evasive loader for .NET Framework assemblies☆82May 12, 2026Updated 2 months ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- An IDA Pro / Hex-Rays plugin that turns noisy pseudocode into reviewable, kernel-aware cleanup artifacts☆157Jul 7, 2026Updated last week
- A POC tool for exploring dev-tunnels☆66May 5, 2026Updated 2 months ago
- This repo contains the results of an internal re-write of impacket I undertook at my current company. It contains some of the IoCs found …☆313May 24, 2026Updated last month
- Static analysis & exploitation-triage toolkit for Windows kernel drivers. Discover IOCTLs, Symbolic Links, and check cert , and Downlaods…☆191Apr 27, 2026Updated 2 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Async PICO Hub is a work-in-progress framework to extend Cobalt Strike with custom event monitoring and in-process Asynchronous BOFs☆23Jun 4, 2026Updated last month
- Aether is a Windows memory-forensics and threat hunting tool that scans live process memory for malicious pattern, detect injection techn…☆52Jul 5, 2026Updated last week
- Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications☆20Mar 28, 2025Updated last year
- Async BOF that notifies the operator when a user connects to a local or remote target system.☆34Jun 17, 2026Updated 3 weeks ago
- DoublePulsar (Position-Independent) Shellcode (Windows 7 SP1 x64)☆27Mar 11, 2020Updated 6 years ago
- kerberos in rust for fun and profit☆70Mar 13, 2026Updated 4 months ago
- A Windows tool that converts LDIF files to BloodHound CE☆30Dec 20, 2025Updated 6 months ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆54Dec 21, 2023Updated 2 years ago
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.☆301May 23, 2026Updated last month
- Active Directory time discovery protocols for red teams. Stealthy extraction via Kerberos, SMB, NTLM, and CLDAP.☆71Updated this week
- Adaptix C2 service plugin that drives LitterBox payload analysis from the operator UI.☆61May 4, 2026Updated 2 months ago
- WinMan - An Offline WIN/NT API Documentation☆26Updated this week
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…☆87Nov 6, 2025Updated 8 months ago
- A modern alternative Web-UI for the Mythic Command and Control Server☆79Jul 3, 2026Updated last week
- Modern Win32 API monitor for Windows security, reverse engineering, debugging, and anti-cheat research.☆43Jun 28, 2026Updated 2 weeks ago