View ETW Provider manifest
☆574Nov 1, 2024Updated last year
Alternatives and similar repositories for EtwExplorer
Users that are interested in EtwExplorer are comparing it to the libraries listed below
Sorting:
- Sysmon-Like research tool for ETW☆386Nov 15, 2022Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆329May 2, 2024Updated last year
- ☆825Jun 1, 2023Updated 2 years ago
- Event Tracing For Windows (ETW) Resources☆417Oct 30, 2025Updated 4 months ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆753Dec 15, 2025Updated 2 months ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆301Apr 10, 2021Updated 4 years ago
- Process Monitor X v2☆648Jan 22, 2024Updated 2 years ago
- Document ETW providers☆272Mar 28, 2020Updated 5 years ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆319Mar 20, 2024Updated last year
- Run Processes as PPL with ELAM☆177Mar 17, 2022Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆197Dec 6, 2022Updated 3 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆819Mar 11, 2021Updated 4 years ago
- Dump the memory of a PPL with a userland exploit☆889Jul 24, 2022Updated 3 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,576Jan 5, 2021Updated 5 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆557Apr 8, 2025Updated 10 months ago
- ☆505Aug 14, 2022Updated 3 years ago
- ☆208Apr 5, 2022Updated 3 years ago
- ETW Python Library☆292Aug 11, 2023Updated 2 years ago
- Native API header files for the System Informer project.☆1,351May 25, 2025Updated 9 months ago
- Security product hook detection☆327Mar 30, 2021Updated 4 years ago
- Windows System Explorer☆878Nov 29, 2025Updated 3 months ago
- Windows Object Explorer 64-bit☆1,888Updated this week
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- ☆1,787Aug 30, 2024Updated last year
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- AV/EDR evasion via direct system calls.☆1,795Sep 3, 2022Updated 3 years ago
- ☆615Jul 21, 2025Updated 7 months ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- A little tool to play with the Seclogon service☆326Jul 10, 2022Updated 3 years ago
- ☆261May 9, 2024Updated last year
- RPC Monitor tool based on Event Tracing for Windows☆384Aug 19, 2024Updated last year
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆535Aug 1, 2022Updated 3 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆588Jan 24, 2023Updated 3 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆501Jan 25, 2022Updated 4 years ago
- AV/EDR evasion via direct system calls.☆1,990Jan 1, 2023Updated 3 years ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls.☆1,594Jul 31, 2024Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆922Jul 20, 2024Updated last year
- ☆2,168Feb 21, 2023Updated 3 years ago