Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
☆712Jun 5, 2025Updated 9 months ago
Alternatives and similar repositories for etl2pcapng
Users that are interested in etl2pcapng are comparing it to the libraries listed below
Sorting:
- This repository includes the parsers necessary for Microsoft Network Monitor to parse etl logs generated by Packet Monitor (Pktmon).☆22Aug 30, 2022Updated 3 years ago
- PowerShell wrapper for the etl2pcapng.exe.☆22Dec 29, 2025Updated 2 months ago
- Microsoft Message Analyzer EOL Archive☆178Nov 19, 2019Updated 6 years ago
- A wireshark plugin to instrument ETW☆579Jan 28, 2022Updated 4 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 3 years ago
- Utilities for Sysmon☆1,575Sep 21, 2025Updated 5 months ago
- Binary commandline executable to parse ETL files☆69Jun 7, 2018Updated 7 years ago
- A repository of sysmon configuration modules☆2,987Aug 21, 2024Updated last year
- Simple (relatively) things allowing you to dig a bit deeper than usual.☆3,485Feb 16, 2026Updated 3 weeks ago
- Trace ScriptBlock execution for powershell v2☆40Jan 14, 2020Updated 6 years ago
- TrustedSec Sysinternals Sysmon Community Guide☆1,375Feb 10, 2026Updated 3 weeks ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆329May 2, 2024Updated last year
- DISKSPD is a storage load generator / performance test tool from the Windows/Windows Server and Cloud Server Infrastructure Engineering t…☆1,365Jun 14, 2024Updated last year
- Set of scripts for performance investigations on Windows.☆31Dec 17, 2025Updated 2 months ago
- Windows Diagnostics, Data Collection and Analysis tools☆167Mar 9, 2021Updated 5 years ago
- PingCastle - Get Active Directory Security at 80% in 20% of the time☆2,785Updated this week
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆753Dec 15, 2025Updated 2 months ago
- Sysmon configuration file template with default high-quality event tracing☆5,419Jul 3, 2024Updated last year
- View ETW Provider manifest☆575Nov 1, 2024Updated last year
- AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell script…☆2,182Feb 11, 2026Updated 3 weeks ago
- Directory Services Internals (DSInternals) PowerShell Module and Framework☆1,903Feb 9, 2026Updated last month
- A repository for using windows event forwarding for incident detection and response☆1,299Sep 8, 2025Updated 6 months ago
- ctsTraffic is a highly scalable client/server networking tool giving detailed performance and reliability analytics☆285Dec 1, 2025Updated 3 months ago
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)☆779Feb 3, 2023Updated 3 years ago
- Robust and practical application control for Windows☆687Aug 12, 2022Updated 3 years ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆735Jun 5, 2025Updated 9 months ago
- MemProcFS☆4,030Mar 2, 2026Updated last week
- ☆265Oct 25, 2025Updated 4 months ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆864Jan 20, 2022Updated 4 years ago
- RpcView is a free tool to explore and decompile Microsoft RPC interfaces☆1,045Sep 24, 2023Updated 2 years ago
- Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI☆201Dec 11, 2017Updated 8 years ago
- Sysmon-Like research tool for ETW☆386Nov 15, 2022Updated 3 years ago
- Tools and information regarding Windows Kerberos cryptography☆37Jan 28, 2026Updated last month
- ☆40May 2, 2023Updated 2 years ago
- DTrace for Windows in userspace; Frontend to ETW☆27Oct 4, 2022Updated 3 years ago
- Azure Local (formerly Azure Stack HCI), Windows 10 and Windows Server rapid lab deployment scripts☆1,283Oct 21, 2025Updated 4 months ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆844Mar 11, 2021Updated 4 years ago
- Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?☆2,140Feb 21, 2026Updated 2 weeks ago
- Set of tools to analyze Windows sandboxes for exposed attack surface.☆2,273Nov 6, 2025Updated 4 months ago