pathtofile/Sealighter external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

pathtofile/Sealighter

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pathtofile/Sealighter)

Close

pathtofile / SealighterView on GitHubMore

• External links
• Readme badge

Sysmon-Like research tool for ETW

☆387Nov 15, 2022Updated 3 years ago

Alternatives and similar repositories for Sealighter

Users that are interested in Sealighter are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• pathtofile / SealighterTI

  View on GitHub
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆198Dec 6, 2022Updated 3 years ago
• pathtofile / PPLRunner

  View on GitHub
  Run Processes as PPL with ELAM
  ☆177Mar 17, 2022Updated 4 years ago
• xuanxuan0 / TiEtwAgent

  View on GitHub
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆300Apr 10, 2021Updated 4 years ago
• microsoft / krabsetw

  View on GitHub
  KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
  ☆755Mar 9, 2026Updated 2 weeks ago
• zodiacon / EtwExplorer

  View on GitHub
  View ETW Provider manifest
  ☆576Nov 1, 2024Updated last year
• jdu2600 / Windows10EtwEvents

  View on GitHub
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆330May 2, 2024Updated last year
• nccgroup / DetectWindowsCopyOnWriteForAPI

  View on GitHub
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆202Jan 13, 2022Updated 4 years ago
• joe-desimone / patriot

  View on GitHub
  ☆156Jul 31, 2022Updated 3 years ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆172May 17, 2023Updated 2 years ago
• mandiant / SilkETW

  View on GitHub
  ☆826Jun 1, 2023Updated 2 years ago
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆125Jan 26, 2023Updated 3 years ago
• jonny-jhnson / ETWInspector

  View on GitHub
  ☆182Apr 24, 2025Updated 10 months ago
• nasbench / EVTX-ETW-Resources

  View on GitHub
  Event Tracing For Windows (ETW) Resources
  ☆420Oct 30, 2025Updated 4 months ago
• DamonMohammadbagher / ETWProcessMon2

  View on GitHub
  ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…
  ☆320Mar 20, 2024Updated 2 years ago
• forrest-orr / moneta

  View on GitHub
  Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
  ☆814Mar 16, 2024Updated 2 years ago
• waldo-irc / MalMemDetect

  View on GitHub
  Detect strange memory regions and DLLs
  ☆190Jan 20, 2022Updated 4 years ago
• jthuraisamy / TelemetrySourcerer

  View on GitHub
  Enumerate and disable common sources of telemetry used by AV/EDR.
  ☆843Mar 11, 2021Updated 5 years ago
• jdu2600 / CFG-FindHiddenShellcode

  View on GitHub
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆134May 17, 2023Updated 2 years ago
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆928Jul 20, 2024Updated last year
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆559Apr 8, 2025Updated 11 months ago
• jonny-jhnson / JonMon

  View on GitHub
  ☆253Jun 7, 2025Updated 9 months ago
• 0xhido / BlueLight

  View on GitHub
  Open-source EDR kernel-component for system monitoring and DLL injection
  ☆33Nov 14, 2020Updated 5 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆316Feb 22, 2020Updated 6 years ago
• br-sn / CheekyBlinder

  View on GitHub
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆587Jan 24, 2023Updated 3 years ago
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆663Jan 25, 2026Updated last month
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆327Mar 30, 2021Updated 4 years ago
• mandiant / STrace

  View on GitHub
  A DTrace on Windows Reimplementation
  ☆372Mar 12, 2026Updated last week
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• jdu2600 / Etw-SyscallMonitor

  View on GitHub
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆89May 17, 2023Updated 2 years ago
• yjugl / mitimon

  View on GitHub
  Monitor ETW events for Windows process mitigation policies, with stack traces
  ☆31Oct 7, 2022Updated 3 years ago
• 0xcpu / WinAltSyscallHandler

  View on GitHub
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆241Nov 6, 2019Updated 6 years ago
• zodiacon / ProcMonXv2

  View on GitHub
  Process Monitor X v2
  ☆652Jan 22, 2024Updated 2 years ago
• repnz / etw-providers-docs

  View on GitHub
  Document ETW providers
  ☆277Mar 28, 2020Updated 5 years ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆438Dec 21, 2023Updated 2 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆674Dec 23, 2022Updated 3 years ago
• dobin / RedEdr

  View on GitHub
  Collect Windows telemetry for Maldev
  ☆464Jan 30, 2026Updated last month
• huntandhackett / process-cloning

  View on GitHub
  The Definitive Guide To Process Cloning on Windows
  ☆543Jan 3, 2024Updated 2 years ago
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,793Aug 30, 2024Updated last year
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆80Sep 20, 2023Updated 2 years ago