Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
☆18Jun 29, 2024Updated last year
Alternatives and similar repositories for ETWReader
Users that are interested in ETWReader are comparing it to the libraries listed below
Sorting:
- Some stuff for PHD2021☆14May 21, 2025Updated 9 months ago
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.☆23Feb 23, 2026Updated last week
- A tool designed to hook into Windows applications and output named (and anonymous?) pipe traffic.☆15Feb 27, 2024Updated 2 years ago
- Quick test for CVE-2023-26025 behaviours�☆13Nov 29, 2023Updated 2 years ago
- A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)☆16Jul 27, 2024Updated last year
- ☆16Sep 7, 2017Updated 8 years ago
- Find world writable directories that contain a .exe or .dll file☆13Aug 31, 2021Updated 4 years ago
- ECC Public Key Cryptography☆37Oct 29, 2023Updated 2 years ago
- a stage1 DLL loader with sleep obfuscation☆36Dec 27, 2022Updated 3 years ago
- PoC for CVE-2023-36802 Microsoft Kernel Streaming Service Proxy☆36Oct 24, 2023Updated 2 years ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆43Apr 27, 2023Updated 2 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- Folder Or File Delete to Get System Shell on Current Session Desktop☆47Jan 14, 2025Updated last year
- Identifies metadata of .NET binary files.☆21Apr 3, 2024Updated last year
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆26Apr 21, 2025Updated 10 months ago
- A Windows tool that converts LDIF files to BloodHound CE☆27Dec 20, 2025Updated 2 months ago
- ☆138Nov 17, 2025Updated 3 months ago
- rust port of pspy with support for process monitoring over dbus☆36Jan 4, 2026Updated 2 months ago
- ☆26Sep 29, 2018Updated 7 years ago
- ☆119Jan 30, 2024Updated 2 years ago
- Windows process injection methods☆19Aug 11, 2019Updated 6 years ago
- Microsoft Active Directory (AD) Awesome List☆26Feb 27, 2025Updated last year
- Loading and executing shellcode in C# without PInvoke.☆22Jan 10, 2022Updated 4 years ago
- A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.☆29Jun 9, 2025Updated 8 months ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆197Dec 6, 2022Updated 3 years ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆54Feb 29, 2024Updated 2 years ago
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 4 months ago
- One gate to all syscalls!☆23Mar 12, 2022Updated 3 years ago
- ☆59Oct 17, 2024Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆138Jul 10, 2025Updated 7 months ago
- ☆147Oct 29, 2024Updated last year
- A 64 bit executable junk code engine for polymorphic malware.☆76Jun 16, 2025Updated 8 months ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- PoC for DEF CON 26: Playing Malware Injection with Exploit thoughts☆25Aug 17, 2018Updated 7 years ago
- Tool that can be used to trim useless things from a PE file such as the things a file pumper would add.☆29Apr 3, 2025Updated 11 months ago
- ☆57Jan 15, 2024Updated 2 years ago
- By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be byp…☆14May 25, 2025Updated 9 months ago