View ETW Provider manifest
☆609Nov 1, 2024Updated last year
Alternatives and similar repositories for EtwExplorer
Users that are interested in EtwExplorer are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Sysmon-Like research tool for ETW☆393Nov 15, 2022Updated 3 years ago
- ☆849Jun 1, 2023Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆334May 2, 2024Updated 2 years ago
- Event Tracing For Windows (ETW) Resources☆432Oct 30, 2025Updated 8 months ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆783Apr 14, 2026Updated 2 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆148Feb 23, 2019Updated 7 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆298Apr 10, 2021Updated 5 years ago
- Process Monitor X v2☆657Jan 22, 2024Updated 2 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆206Dec 6, 2022Updated 3 years ago
- Document ETW providers☆302Mar 28, 2020Updated 6 years ago
- Run Processes as PPL with ELAM☆177Mar 17, 2022Updated 4 years ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆320Mar 20, 2024Updated 2 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆853Mar 11, 2021Updated 5 years ago
- ETW Python Library☆300Aug 11, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Windows System Explorer☆889Nov 29, 2025Updated 7 months ago
- ☆513Aug 14, 2022Updated 3 years ago
- Dump the memory of a PPL with a userland exploit☆893Jul 24, 2022Updated 3 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,585Jan 5, 2021Updated 5 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆576Apr 8, 2025Updated last year
- Aims to identify sleeping beacons☆671Jan 25, 2026Updated 5 months ago
- Windows Object Explorer 64-bit☆1,944Jun 27, 2026Updated last week
- Native API header files for the System Informer project.☆1,431Mar 26, 2026Updated 3 months ago
- PoC to demonstrate how CLR ETW events can be tampered.☆193Mar 26, 2020Updated 6 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆213Apr 5, 2022Updated 4 years ago
- ☆1,825Aug 30, 2024Updated last year
- INF Studio for easier working with driver installation files☆39Nov 11, 2023Updated 2 years ago
- Security product hook detection☆326Mar 30, 2021Updated 5 years ago
- AV/EDR evasion via direct system calls.☆1,817Sep 3, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆203Jan 13, 2022Updated 4 years ago
- ☆264May 9, 2024Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆538Aug 1, 2022Updated 3 years ago
- A collection of free miscellaneous Windows tools☆144Jul 22, 2025Updated 11 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- PoC Implementation of a fully dynamic call stack spoofer☆967Jul 20, 2024Updated last year
- ☆640Jul 21, 2025Updated 11 months ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆592Jan 24, 2023Updated 3 years ago
- ☆221Apr 2, 2018Updated 8 years ago
- Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode☆2,536Nov 15, 2023Updated 2 years ago
- RpcView is a free tool to explore and decompile Microsoft RPC interfaces☆1,059Sep 24, 2023Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆262May 10, 2023Updated 3 years ago