pathtofile/Sealighter external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

pathtofile/Sealighter

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pathtofile/Sealighter)

Close

pathtofile / SealighterView on GitHubMore

• External links
• Readme badge

Sysmon-Like research tool for ETW

☆389Nov 15, 2022Updated 3 years ago

Alternatives and similar repositories for Sealighter

Users that are interested in Sealighter are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• pathtofile / SealighterTI

  View on GitHub
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆202Dec 6, 2022Updated 3 years ago
• pathtofile / PPLRunner

  View on GitHub
  Run Processes as PPL with ELAM
  ☆176Mar 17, 2022Updated 4 years ago
• xuanxuan0 / TiEtwAgent

  View on GitHub
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆298Apr 10, 2021Updated 5 years ago
• microsoft / krabsetw

  View on GitHub
  KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
  ☆769Apr 14, 2026Updated last month
• zodiacon / EtwExplorer

  View on GitHub
  View ETW Provider manifest
  ☆600Nov 1, 2024Updated last year
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• jdu2600 / Windows10EtwEvents

  View on GitHub
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆332May 2, 2024Updated 2 years ago
• nccgroup / DetectWindowsCopyOnWriteForAPI

  View on GitHub
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆202Jan 13, 2022Updated 4 years ago
• joe-desimone / patriot

  View on GitHub
  ☆161Jul 31, 2022Updated 3 years ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆176May 17, 2023Updated 3 years ago
• mandiant / SilkETW

  View on GitHub
  ☆837Jun 1, 2023Updated 2 years ago
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆129Jan 26, 2023Updated 3 years ago
• nasbench / EVTX-ETW-Resources

  View on GitHub
  Event Tracing For Windows (ETW) Resources
  ☆428Oct 30, 2025Updated 6 months ago
• jonny-jhnson / ETWInspector

  View on GitHub
  ☆204May 10, 2026Updated last week
• DamonMohammadbagher / ETWProcessMon2

  View on GitHub
  ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…
  ☆319Mar 20, 2024Updated 2 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• forrest-orr / moneta

  View on GitHub
  Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
  ☆826Mar 16, 2024Updated 2 years ago
• waldo-irc / MalMemDetect

  View on GitHub
  Detect strange memory regions and DLLs
  ☆191Jan 20, 2022Updated 4 years ago
• jthuraisamy / TelemetrySourcerer

  View on GitHub
  Enumerate and disable common sources of telemetry used by AV/EDR.
  ☆850Mar 11, 2021Updated 5 years ago
• jdu2600 / CFG-FindHiddenShellcode

  View on GitHub
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆134May 17, 2023Updated 3 years ago
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆573Apr 8, 2025Updated last year
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆956Jul 20, 2024Updated last year
• jonny-jhnson / JonMon

  View on GitHub
  ☆260Jun 7, 2025Updated 11 months ago
• 0xhido / BlueLight

  View on GitHub
  Open-source EDR kernel-component for system monitoring and DLL injection
  ☆33Nov 14, 2020Updated 5 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆317Feb 22, 2020Updated 6 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• br-sn / CheekyBlinder

  View on GitHub
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆593Jan 24, 2023Updated 3 years ago
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆330Mar 30, 2021Updated 5 years ago
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆669Jan 25, 2026Updated 3 months ago
• mandiant / STrace

  View on GitHub
  A DTrace on Windows Reimplementation
  ☆373May 6, 2026Updated 2 weeks ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆286Sep 18, 2024Updated last year
• jdu2600 / Etw-SyscallMonitor

  View on GitHub
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆91May 17, 2023Updated 3 years ago
• yjugl / mitimon

  View on GitHub
  Monitor ETW events for Windows process mitigation policies, with stack traces
  ☆30Oct 7, 2022Updated 3 years ago
• zodiacon / ProcMonXv2

  View on GitHub
  Process Monitor X v2
  ☆656Jan 22, 2024Updated 2 years ago
• 0xcpu / WinAltSyscallHandler

  View on GitHub
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆242Nov 6, 2019Updated 6 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆449Dec 21, 2023Updated 2 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆673Dec 23, 2022Updated 3 years ago
• repnz / etw-providers-docs

  View on GitHub
  Document ETW providers
  ☆298Mar 28, 2020Updated 6 years ago
• huntandhackett / process-cloning

  View on GitHub
  The Definitive Guide To Process Cloning on Windows
  ☆550Jan 3, 2024Updated 2 years ago
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,815Aug 30, 2024Updated last year
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆82Sep 20, 2023Updated 2 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆245Sep 26, 2023Updated 2 years ago