#

etw

Here are 105 public repositories matching this topic...

jymcheong / ETW-tutorialSet

ETW Notes

windows etw edr endpoint-security etw-agent

Updated Nov 12, 2025
C#

H4NM / WhoYouCalling

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

game-hacking dynamic-analysis etw malware-analysis malware-research network-analysis sysadmin-tool full-packet-capture windows-event-tracing

Updated Nov 6, 2025
C#

Idov31 / EtwLeakKernel

Leaking kernel addresses from ETW consumers. Requires Administrator privileges.

windows cpp etw

Updated Nov 6, 2025
C++

Chainski / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

obfuscation native dotnet llvm clr etw shellcode donut payload crypter amsi

Updated Nov 6, 2025
C

ultra

xoofx / ultra

An advanced profiler for .NET Applications on Windows

dotnet profiler etw

Updated Nov 5, 2025
C#

greycloudss / Greathelm

Greathelm is a modular Windows security service focused on process inspection, PowerShell telemetry, and automated response enforcement. It’s built entirely in C++ and designed for minimal dependencies, direct API usage.

security cpp powershell firewall etw defender edr armourer

Updated Nov 2, 2025
C++

nasbench / EVTX-ETW-Resources

Event Tracing For Windows (ETW) Resources

windows detection logging tracing etw windows10 event-tracing-for-windows windows11

Updated Oct 30, 2025
Python

microsoft / profile-explorer

CPU profiling trace viewer

windows performance cpu profiler x64 etw arm64

Updated Oct 27, 2025
C#

mannyfred / LilETW

Shitty C++20 single-header ETW util for real-time event consumption and member parsing

etw

Updated Oct 26, 2025
C++

wuanzhuan / system_monitor

Monitor windows kernel event, based on etw, development in rust. A replacement of procmon. more events and useful filter. Typically can check handle leak for a few weeks.

windows process-monitor etw procmon handle-leak

Updated Oct 22, 2025
Rust

n4r1b / ferrisetw

Basically a KrabsETW rip-off written in Rust

microsoft windows rust tracing etw

Updated Oct 20, 2025
Rust

lowleveldesign / wtrace

Command line tracing tool for Windows, based on ETW.

trace diagnostics etw profiling strace

Updated Oct 15, 2025
C#

Siemens-Healthineers / ETWAnalyzer

Command line tool to analyze one/many ETW file/s with simple queries for common issues.

etw traceprocessing

Updated Nov 12, 2025
C#

rabbitstack / fibratus

Adversary tradecraft detection, protection, and hunting

python windows golang security instrumentation windows-kernel etw mitre blueteam adversary edr

Updated Oct 14, 2025
Go

mannyfred / MentalTi

Mentally ill EtwTi parser

etw threat-intelligence detection-engineering detection-evasion

Updated Oct 13, 2025
C++

theSecHunter / Hades-Windows

Hades HIDS/HIPS for Windows

kernel rootkit etw hids windows-driver wfp hips edr minifilter host-security window-security

Updated Oct 10, 2025
C++

lowleveldesign / debug-recipes

My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.

debugging etw windbg profiling

Updated Oct 3, 2025
HTML

NLog / NLog.Etw

NLog Target for Event Tracing for Windows (ETW)

csharp dotnet etw nlog nlog-target netstandard20

Updated Sep 21, 2025
C#

duyl328 / NetVizor

See Through Your Network

vue csharp etw net network-analysis

Updated Aug 20, 2025
C#

itoleck / WindowsPerformance

Various Windows Performance files, scripts, settings and documents

windows debugging performance etl windows-10 etw windows10

Updated Aug 19, 2025
PowerShell

Improve this page

Add a description, image, and links to the etw topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the etw topic, visit your repo's landing page and select "manage topics."