ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool

Command line tracing tool for Windows, based on ETW.

.NET Logging adaptors

A small real time SyncML protocol Viewer

C# POC to extract NetNTLMv1/v2 hashes from ETW provider

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

Tool and library to convert ETW logs to JSON files

TraceSpy is a pure .NET, 100% free and open source, alternative to the very popular SysInternals DebugView tool.

CPU profiling trace viewer

An advanced profiler for .NET Applications on Windows

Command line tool to analyze one/many ETW file/s with simple queries for common issues.

Logs key Windows process performance metrics. #nsacyber

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Win32 memory leak detector with ETW

Collects network traces of .NET applications.

Splunk Technology Add-On (TA) for collecting ETW events from Windows systems

SemanticLogging.EventHub is a collection of sinks for the Semantic Logging Application Block that exposes Event Source events to an Azure Event Hub.

Visual Studio Extension and tools to ease development using Event Tracing for Windows (ETW).

NLog Target for Event Tracing for Windows (ETW)