etw
There are 92 repositories under the etw topic.
google/orbit
C/C++ Performance Profiler
rabbitstack/fibratus
Adversary tradecraft detection, protection, and hunting
xoofx/ultra
An advanced profiler for .NET Applications on Windows
lowleveldesign/wtrace
Command line tracing tool for Windows, based on ETW.
microsoft/krabsetw
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
airbus-cert/Winshark
A Wireshark plugin to instrument ETW
nasbench/EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · a full-featured endpoint behaviour collection and defence development kit, intended to let EDR, zero-trust, data-security, audit and control products implement their features quickly without having to develop, maintain and keep compatible the underlying driver, so they can concentrate on their own business logic
lowleveldesign/debug-recipes
My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.
DamonMohammadbagher/ETWProcessMon2
ETWProcessMon2 monitors Process/Thread/Memory/ImageLoad/TCPIP events via ETW and detects remote-thread injection and in-memory payloads from VirtualMemAlloc events, among other things.
fireeye/pywintrace
ETW Python Library
nettitude/ETWHash
C# POC to extract NetNTLMv1/v2 hashes from an ETW provider
H4NM/WhoYouCalling
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
repnz/etw-providers-docs
Document ETW providers
lahell/PSDiscoveryProtocol
Capture and parse CDP and LLDP packets on local or remote computers
DamonMohammadbagher/Meterpreter_Payload_Detection
Meterpreter_Payload_Detection.exe: a tool for detecting Meterpreter in memory, usable as an IPS/IDS-style or forensics tool
okieselbach/SyncMLViewer
A small real time SyncML protocol Viewer
wbenny/EtwConsumerNT
Simple project that demonstrates how an ETW consumer can be created using only NTDLL
huoji120/MakeInfinityHookGreatAgain
Make EtwHook great again! Make InfinityHook Great Again!
ScriptIdiot/BOF-patchit
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW in x64 processes. Both syscall and dynamic-resolve versions are available.
microsoft/ApplicationInsights-dotnet-logging
.NET Logging adaptors
Siemens-Healthineers/ETWAnalyzer
Command line tool to analyze one or many ETW files with simple queries for common issues.
lowleveldesign/dotnet-netrace
Collects network traces of .NET applications.
microsoft/ETW2JSON
Tool and library to convert ETW logs to JSON files
EvilBytecode/Lifetime-Amsi-EtwPatch
Two in one: patches AMSI and ETW for the lifetime of the PowerShell console; no more ETW and AMSI!
ScriptIdiot/sleepmask_PatchlessHook
Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
Hagrid29/RemotePatcher
Patch AMSI and ETW in a remote process via direct syscalls
Donpedro13/etwprof
Sampling profiler for native applications on Windows, based on ETW
ProcessusT/UnhookingDLL
This script bypasses DLL hooking by using a freshly mapped copy of the ntdll file, patches ETW and triggers a shellcode via process hollowing
n4r1b/ferrisetw
Basically a KrabsETW rip-off written in Rust
nsacyber/PRUNE
Logs key Windows process performance metrics. #nsacyber
bi-zone/etw
Go library for ETW (Event Tracing for Windows) events processing
whokilleddb/ETWListicle
List the ETW provider(s) in the registration table of a process.
airbus-cert/etwbreaker
An IDA plugin to deal with Event Tracing for Windows (ETW)
microsoft/tracelogging
TraceLogging events and tracing
AviAvni/NativeLeakDetector
Win32 memory leak detector with ETW
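Several entries above (BOF-patchit, Lifetime-Amsi-EtwPatch, RemotePatcher, UnhookingDLL) disable user-mode ETW by overwriting the prologue of ntdll!EtwEventWrite so that every event write returns immediately. The counterpart a defender or a blue-team lab wants is the check: read the first bytes of that export in the running process and compare them with the patch stubs such tooling writes. The script below is an added example and is not code from any project listed on this page; the pattern list is an assumption of common stubs (`ret`, `xor eax,eax; ret`, and variants), not an exhaustive catalogue, and the P/Invoke declarations wrap the real `GetModuleHandle`/`GetProcAddress` exports. It inspects the PowerShell process it runs in, so it is meant to be pasted into the console that a patcher was run against.

```powershell
# Added example (not from any listed project): detect a patched ntdll!EtwEventWrite
# prologue in the current process.
$native = Add-Type -Namespace EtwCheck -Name Native -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
'@

function Test-EtwEventWritePatched {
    [CmdletBinding()]
    param([int]$BytesToRead = 8)

    $ntdll = $native::GetModuleHandle('ntdll.dll')
    if ($ntdll -eq [IntPtr]::Zero) { throw 'ntdll.dll is not mapped in this process' }
    $addr = $native::GetProcAddress($ntdll, 'EtwEventWrite')
    if ($addr -eq [IntPtr]::Zero) { throw 'EtwEventWrite is not exported by ntdll.dll' }

    # Read the first bytes of the export directly out of our own address space.
    $bytes = New-Object byte[] $BytesToRead
    [System.Runtime.InteropServices.Marshal]::Copy($addr, $bytes, 0, $BytesToRead)
    $hex = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '

    # Assumption: stubs commonly written by ETW-bypass tooling. A genuine prologue
    # never begins with a bare return, so a match here is a strong signal.
    $patterns = [ordered]@{
        'ret'               = 'C3'
        'xor eax,eax; ret'  = '33 C0 C3'
        'xor rax,rax; ret'  = '48 33 C0 C3'
        'mov eax,0; ret'    = 'B8 00 00 00 00 C3'
    }
    $hit = $patterns.GetEnumerator() |
        Where-Object { $hex.StartsWith($_.Value) } |
        Select-Object -First 1

    [pscustomobject]@{
        Address = ('0x{0:X}' -f $addr.ToInt64())
        Bytes   = $hex
        Patched = [bool]$hit
        Pattern = if ($hit) { $hit.Key } else { $null }
    }
}

Test-EtwEventWritePatched
```

The check is deliberately written against known bad prologues rather than a known good one, because the genuine first bytes of EtwEventWrite differ between Windows builds. It only sees the current process; to audit another process the same bytes have to be read with ReadProcessMemory, and a patcher that also hooks the read path can still lie to it, so treat a clean result as necessary rather than sufficient.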