"topic:etw" — Search | GitHunt

Repositories Developers Collections

© 2026 GitHunt · tansuasici

122 results for “topic:etw”

google/orbitArchived

C/C++ Performance Profiler

C++4.3k360Updated 1 year ago

cpu-profilerdynamic-instrumentationetwhookinginstrumentationperformanceprofilersamplingvisualizer

rabbitstack/fibratus

Adversary tradecraft detection, protection, and hunting

Go2.4k203Updated 2 days ago

adversaryblueteamedretwgolanginstrumentationmitrepythonsecuritywindowswindows-kernel

An advanced profiler for .NET Applications on Windows

C#1.1k19Updated 4 months ago

dotnetetwprofiler

microsoft/krabsetw

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

C++754166Updated 6 days ago

etwkrabsnuget-packageswrapper

lowleveldesign/wtrace

Command line tracing tool for Windows, based on ETW.

C#69054Updated 5 months ago

diagnosticsetwprofilingstracetrace

airbus-cert/Winshark

A wireshark plugin to instrument ETW

Lua58061Updated 4 years ago

etwpcapwireshark

H4NM/WhoYouCalling

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

C#45721Updated 5 days ago

dynamic-analysisetwfull-packet-capturegame-hackingmalware-analysismalware-researchnetwork-analysissysadmin-toolwindows-event-tracing

nasbench/EVTX-ETW-Resources

Event Tracing For Windows (ETW) Resources

Python42078Updated 4 months ago

detectionetwevent-tracing-for-windowsloggingtracingwindowswindows10windows11

wecooperate/iMonitorSDK

The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能，而不用关心底层驱动的开发、维护和兼容性问题，让其可以专注于业务开发

C++37686Updated 1 year ago

access-controldefenderedrendpoint-securityetwkernelmonitoring-toolprocmonsecuritysysmonzero-trust

lowleveldesign/debug-recipes

My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.

HTML34472Updated 2 weeks ago

debuggingetwprofilingwindbg

DamonMohammadbagher/ETWProcessMon2

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

C#32070Updated 1 year ago

blueteamcobaltstrike-detectiondetection-etw-eventsetwimageloadsmalicious-traffic-detectionmemory-scannermemory-scanner-by-etw-eventsmemory-scanningmeterpreter-detectionpayload-detectionprocessmonitoringrealtime-monitoringremote-thread-injectiontcpip-monitoringtechnique-detectionthread-monitorthreat-hunting-via-etwthreat-hunting-via-sysmonvirtualmemallocation-detection

theSecHunter/Hades-Windows

Hades HIDS/HIPS for Windows

C++309102Updated 5 months ago

edretwhidshipshost-securitykernelminifilterrootkitwfpwindow-securitywindows-driver

fireeye/pywintrace

ETW Python Library

Python29360Updated 2 years ago

repnz/etw-providers-docs

Document ETW providers

C27656Updated 5 years ago

microsoft/profile-explorer

CPU profiling trace viewer

C#26121Updated 3 days ago

arm64cpuetwperformanceprofilerwindowsx64

nettitude/ETWHash

C# POC to extract NetNTLMv1/v2 hashes from ETW provider

C#25829Updated 2 years ago

etwredteamredteam-tools

okieselbach/SyncMLViewer

A small real time SyncML protocol Viewer

C#21930Updated 2 weeks ago

etwmdmomadmclientsyncmlwindows-desktop

lahell/PSDiscoveryProtocol

Capture and parse CDP and LLDP packets on local or remote computers

PowerShell19833Updated 2 years ago

capturecdpciscoetwlldppacketparsepowershell

DamonMohammadbagher/Meterpreter_Payload_Detection

Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool

C#16565Updated 2 years ago

etwetw-monitoring-threadsetwmonthreadmeterpretermeterpreter-detectionmeterpreter-payload-detectionmeterpreter-signaturempdsignaturethread-injectionthread-injection-detection

huoji120/MakeInfinityHookGreatAgain

让Etwhook再次伟大! Make InfinityHook Great Again!

C++14747Updated 4 years ago

wbenny/EtwConsumerNT

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

C++14637Updated 7 years ago

etwntdllnttracecontrol

smourier/TraceSpy

TraceSpy is a pure .NET, 100% free and open source, alternative to the very popular SysInternals DebugView tool.

C#14222Updated 1 month ago

asp-net-coredebuggingdotnetdotnet-coreerror-reportingetwloggingmicrosoft-dependency-injectionmicrosoft-loggingnet-coreproductivity-toolstraceuwpwpf

ScriptIdiot/BOF-patchit

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

C13921Updated 3 years ago

amsibofcnacobalt-strikeetwsyscall

Siemens-Healthineers/ETWAnalyzer

Command line tool to analyze one/many ETW file/s with simple queries for common issues.

C#12917Updated 1 week ago

etwtraceprocessing

microsoft/ApplicationInsights-dotnet-loggingArchived

.NET Logging adaptors

C#10749Updated 3 years ago

application-insightsazureetweventsourcelog4netloggingmonitoringnlogsdktelemetry

KiExitDispatcher/Lifetime-Amsi-EtwPatch

Two in one, patch lifetime powershell console, no more etw and amsi!

Go10321Updated 10 months ago

amsiamsi-bypassamsi-evasionamsi-patchetwetw-bypassetw-evasionfudpentestingred-teaming

Karib0u/rustinel

Rust Windows EDR (user-mode, no driver): ETW → Sysmon-style normalization → Sigma/Yara/IOC detection → ECS NDJSON alerts.

Rust9515Updated 1 week ago

blue-teamdetection-engineeringedrendpoint-detectionetwincident-responsemalware-detectionrustsecurity-toolssiemsigmasysmonthreat-detectionwindows-securityyara

Idov31/EtwLeakKernel

Leaking kernel addresses from ETW consumers. Requires Administrator privileges.

C++929Updated 4 months ago

lowleveldesign/dotnet-netraceArchived

Collects network traces of .NET applications.

C#926Updated 4 years ago

diagnosticsdotnetdotnet-coreetwnetwork

microsoft/ETW2JSON

Tool and library to convert ETW logs to JSON files

C#9120Updated 3 years ago

etletweventsourcejson

Page 1 of 5