Windows notifier tool that detects RDP, SMB and RPC connections by monitoring ETW event logs
Latest version (V 1.1):
- Detect and notify WinRM connections
- System tray icon when running
V 1.0:
- Detect and notify RDP, SMB and RPC connections
On Windows, ETW (Event Tracing for Windows) is a mechanism for tracing and logging events raised
by user-mode applications and kernel-mode drivers.
ETWMonitor consumes these events in real time to detect suspicious network connections.
Compile with Visual Studio 2022 and launch ETWMonitor.exe as Administrator (consuming kernel ETW providers requires elevation).
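The detection idea above, as an added example that is not ETWMonitor's own code: a minimal real-time ETW consumer that subscribes to the kernel TCP/IP provider and flags connections on the RDP, SMB, RPC and WinRM ports. It assumes the Microsoft.Diagnostics.Tracing.TraceEvent NuGet package, an elevated console and Windows; the session name and port list are this example's own choices.

```csharp
// Added example, not ETWMonitor's code. Assumes the TraceEvent NuGet package
// (Microsoft.Diagnostics.Tracing.TraceEvent) and an elevated console on Windows.
using System;
using System.Collections.Generic;
using Microsoft.Diagnostics.Tracing.Parsers;
using Microsoft.Diagnostics.Tracing.Parsers.Kernel;
using Microsoft.Diagnostics.Tracing.Session;

class EtwConnectionNotifier
{
    // Well-known ports for the protocols ETWMonitor watches (list chosen for this example).
    static readonly Dictionary<int, string> WatchedPorts = new Dictionary<int, string>
    {
        { 3389, "RDP" }, { 445, "SMB" }, { 135, "RPC" }, { 5985, "WinRM" }, { 5986, "WinRM" }
    };

    static void Main()
    {
        if (TraceEventSession.IsElevated() != true)
        {
            Console.Error.WriteLine("Run as Administrator: kernel ETW providers require elevation.");
            return;
        }
        // Session name is an assumption; any name unique on the host works.
        using (var session = new TraceEventSession("ExampleConnMonitor"))
        {
            // Stop the session on Ctrl+C, otherwise it keeps tracing after the process exits.
            Console.CancelKeyPress += (s, e) => { e.Cancel = true; session.Dispose(); };
            session.EnableKernelProvider(KernelTraceEventParser.Keywords.NetworkTCPIP);

            // Inbound (a local listener accepted) and outbound (a local process connected), IPv4.
            session.Source.Kernel.TcpIpAccept += (TcpIpConnectTraceData d) => Report("inbound", d);
            session.Source.Kernel.TcpIpConnect += (TcpIpConnectTraceData d) => Report("outbound", d);

            Console.WriteLine("Monitoring RDP/SMB/RPC/WinRM connections, Ctrl+C to stop.");
            session.Source.Process(); // blocks and dispatches callbacks until the session ends
        }
    }

    static void Report(string direction, TcpIpConnectTraceData d)
    {
        // Match either endpoint's port, so the result does not depend on which side
        // the provider labels as source or destination for accept versus connect.
        int port = WatchedPorts.ContainsKey(d.dport) ? d.dport : d.sport;
        if (!WatchedPorts.TryGetValue(port, out var proto)) return;
        Console.WriteLine($"{d.TimeStamp:HH:mm:ss} {proto,-5} {direction} " +
                          $"{d.saddr}:{d.sport} -> {d.daddr}:{d.dport} pid={d.ProcessID}");
    }
}
```

IPv6 connections raise the separate TcpIpV6Connect/TcpIpV6Accept events, which a complete monitor would subscribe to in the same way.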
To do:
- Detect more protocols
- Build a client-server version with agents and a collector server