whokilleddb/ETWListicle external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

whokilleddb/ETWListicle

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/whokilleddb/ETWListicle)

Close

whokilleddb / ETWListicleView on GitHubMore

• External links
• Readme badge

List the ETW provider(s) in the registration table of a process.

☆81Sep 20, 2023Updated 2 years ago

Alternatives and similar repositories for ETWListicle

Users that are interested in ETWListicle are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆285Sep 18, 2024Updated last year
• 0xv1n / RemoteSessionEnum

  View on GitHub
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆118Aug 21, 2024Updated last year
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆127Sep 1, 2024Updated last year
• xpn / adfstoolkit

  View on GitHub
  ☆39Jan 7, 2025Updated last year
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆411Jan 11, 2026Updated 5 months ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆103Oct 7, 2023Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆382Apr 19, 2023Updated 3 years ago
• iamagarre / BadExclusionsNWBO

  View on GitHub
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆76Feb 9, 2024Updated 2 years ago
• delivr-to / MailCollector

  View on GitHub
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Jul 19, 2025Updated 10 months ago
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆241Dec 3, 2025Updated 6 months ago
• EspressoCake / DefenderPathExclusions

  View on GitHub
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆32Nov 1, 2023Updated 2 years ago
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆269Apr 19, 2024Updated 2 years ago
• LloydLabs / process-enumeration-stealth

  View on GitHub
  ☆84Aug 26, 2024Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆292Updated this week
• 0xthirteen / rpc2wc

  View on GitHub
  RPC to WebClient startup
  ☆57Aug 19, 2025Updated 9 months ago
• ricardojoserf / SharpSelfDelete

  View on GitHub
  PoC to self-delete a binary in C#
  ☆36Feb 6, 2024Updated 2 years ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆66Mar 19, 2024Updated 2 years ago
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆140Jan 16, 2025Updated last year
• xpn / CloudInject

  View on GitHub
  ☆122Nov 21, 2024Updated last year
• MrAle98 / psinline

  View on GitHub
  in-process powershell runner for BRC4
  ☆48Oct 31, 2023Updated 2 years ago
• dr4ndrei / OHFFLdr

  View on GitHub
  One-header configurable C++20 COFF loader
  ☆21Jul 21, 2025Updated 10 months ago
• antroguy / LocklessBof

  View on GitHub
  Lockless BOF
  ☆79May 2, 2025Updated last year
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• CymulateResearch / Blindside

  View on GitHub
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆138Dec 20, 2022Updated 3 years ago
• zimnyaa / PhaseDive

  View on GitHub
  Sleep Obfuscation
  ☆47Oct 13, 2022Updated 3 years ago
• Helixo32 / SimpleEDR

  View on GitHub
  Simple EDR that injects a DLL into a process to place a hook on specific Windows API
  ☆98Aug 27, 2023Updated 2 years ago
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆74Jan 11, 2026Updated 5 months ago
• Kharos102 / ReadWriteDriverSample

  View on GitHub
  ☆25Apr 28, 2024Updated 2 years ago
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆89Feb 11, 2024Updated 2 years ago
• MzHmO / SymProcAddress

  View on GitHub
  Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
  ☆146Mar 16, 2024Updated 2 years ago
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆30Dec 27, 2025Updated 5 months ago
• rasta-mouse / PPEnum

  View on GitHub
  Simple BOF to read the protection level of a process
  ☆123May 10, 2023Updated 3 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• decoder-it / RelabelAbuse

  View on GitHub
  ☆63May 31, 2024Updated 2 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆302May 5, 2026Updated last month
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆473Aug 2, 2024Updated last year
• edwig / HTTPSYS

  View on GitHub
  User-mode implementation of HTTP.SYS. Implements HTTP 1.1 of the "HTTP Server API 2.0" for web servers
  ☆45Feb 17, 2025Updated last year
• Allevon412 / SyscallTempering

  View on GitHub
  ☆30Jul 26, 2024Updated last year
• MayerDaniel / profiler-lateral-movement

  View on GitHub
  Lateral Movement via the .NET Profiler
  ☆100Nov 21, 2024Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆326Apr 12, 2024Updated 2 years ago