C/C++ Performance Profiler

Adversary tradecraft detection, protection, and hunting

Command line tracing tool for Windows, based on ETW.

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

A wireshark plugin to instrument ETW

Event Tracing For Windows (ETW) Resources

The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能， 而不用关心底层驱动的开发、维护和兼容性问题，让其可以专注于业务开发

My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

ETW Python Library

C# POC to extract NetNTLMv1/v2 hashes from ETW provider

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

Document ETW providers

Capture and parse CDP and LLDP packets on local or remote computers

Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool

A small real time SyncML protocol Viewer

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

让Etwhook再次伟大! Make InfinityHook Great Again!

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

Command line tool to analyze one/many ETW file/s with simple queries for common issues.