etw-evasion

There are 8 repositories under etw-evasion topic.

unkvolism/Fuck-Etw
Bypass the Event Trace Windows(ETW) and unhook ntdll.
Language:C102 1 113
EvilBytecode/Lifetime-Amsi-EtwPatch
Two in one, patch lifetime powershell console, no more etw and amsi!
Language:Go83 1 014
Chainski/PandaLoader
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.
Language:C++40 1 36
0xflux/ETW-Bypass-Rust
Event Tracing for Windows EDR bypass in Rust
Language:Rust18 2 03
EvilBytecode/ETW-Patch
code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).
Language:Go7 2 01
Chainski/Lifetime-Amsi-EtwPatch
Loads a C# binary in memory within powershell profile, patching AMSI + ETW.
Language:Nim4 0 01
Gurpreet06/ETW-Patcher
Bypassing Event Tracing for Windows (ETW) with CSharp
Language:C++3 1 00
B0lg0r0v/DumbETW
A proof of concept ETW consumer that captures userland events in real time, displays them, and saves them into an .etl file
Language:C10