Blue-Team tool detecting untrusted processes accessing sensitive data using ETW
Updated Jan 30, 2026 - Rust
Loonaro - Automated Malware Analysis
Monitors Windows kernel events based on ETW, developed in Rust. A replacement for procmon with more events and useful filters. Can typically check for handle leaks over a period of a few weeks.
Event Tracing for Windows EDR bypass in Rust (usermode)
Windows EDR agent in Rust. ETW telemetry → Sigma/YARA detection → ECS alerts. User-mode, open-source, high-performance.
TraceLogging events and tracing