Rust Windows EDR (user-mode, no driver): ETW → Sysmon-style normalization → Sigma/Yara/IOC detection → ECS NDJSON alerts.
Updated Mar 4, 2026 - Rust
TraceLogging events and tracing
Event Tracing for Windows EDR bypass in Rust (usermode)
Monitors Windows kernel events based on ETW, developed in Rust. A replacement for Procmon with more events and useful filters. Typically can track handle leaks over a few weeks.
Incident Response blue-team tool that uses ETW to detect untrusted processes accessing sensitive data, with policy-based controls and SIEM alerting
Experimental closed-loop EDR evaluation framework, automated artifact mutation, sandboxed execution, telemetry collection, and explainable triage. Understands why detections trigger. M.Sc. Cybersecurity thesis (EPFL, 2026).
Loonaro - Automated Malware Analysis
ThreatFalcon: A national Rust endpoint sensor using ETW, Sysmon, and evasion signals aligned with offensive tradecraft, focused on transparency and explainability.
ETW-based telemetry agent for Windows 11
🔍 Detect threats with Rustinel, a high-performance Windows EDR agent that leverages ETW to collect telemetry and outputs alerts for easy SIEM integration.
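The pipeline the first entry above describes (ETW events normalized into Sysmon-style fields, matched against Sigma-style rules, emitted as ECS-shaped NDJSON) as an added example in Rust. This is not code from any repository listed on this page. The provider name, property names, the rule and the sample events are constructed for illustration, and the actual ETW consumer (session setup and trace callbacks via the Windows ETW API) is out of scope, so the raw events are hand-built; only the normalization, matching and serialization stages are shown.

```rust
// Added example, not from any listed project: ETW-shaped events -> Sysmon-style
// normalization -> Sigma-style selection -> one ECS-shaped JSON object per line.
use std::collections::BTreeMap;

/// Raw event as an ETW consumer callback might hand it over. Constructed shape:
/// provider name, task name and a flat property map (not the real EVENT_RECORD).
pub struct RawEtwEvent {
    pub provider: &'static str,
    pub task: &'static str,
    pub props: BTreeMap<&'static str, &'static str>,
}

/// Sysmon-style normalized event; only EventID 1 (process create) is modeled here.
#[derive(Debug, Clone, PartialEq)]
pub struct SysmonEvent {
    pub event_id: u32,
    pub image: String,
    pub command_line: String,
    pub parent_image: String,
}

/// Map a ProcessStart event onto Sysmon EventID 1 fields. Property names are
/// assumptions for the demo; anything this stage does not model yields None.
pub fn normalize(ev: &RawEtwEvent) -> Option<SysmonEvent> {
    if ev.provider != "Microsoft-Windows-Kernel-Process" || ev.task != "ProcessStart" {
        return None;
    }
    let get = |k: &str| ev.props.get(k).map(|s| s.to_string());
    Some(SysmonEvent {
        event_id: 1,
        image: get("ImageName")?,
        command_line: get("CommandLine")?,
        parent_image: get("ParentImageName")?,
    })
}

/// Sigma-style rule: every (field, modifier, value) term in `selection` must match.
pub struct SigmaRule {
    pub title: &'static str,
    pub selection: Vec<(&'static str, &'static str, &'static str)>,
}

fn field_value<'a>(ev: &'a SysmonEvent, field: &str) -> Option<&'a str> {
    match field {
        "Image" => Some(&ev.image),
        "CommandLine" => Some(&ev.command_line),
        "ParentImage" => Some(&ev.parent_image),
        _ => None,
    }
}

/// Sigma string matching is case-insensitive; unknown modifiers mean equality.
pub fn rule_matches(rule: &SigmaRule, ev: &SysmonEvent) -> bool {
    rule.selection.iter().all(|(field, modifier, value)| match field_value(ev, field) {
        None => false,
        Some(actual) => {
            let (a, v) = (actual.to_lowercase(), value.to_lowercase());
            match *modifier {
                "endswith" => a.ends_with(v.as_str()),
                "startswith" => a.starts_with(v.as_str()),
                "contains" => a.contains(v.as_str()),
                _ => a == v,
            }
        }
    })
}

/// Escape a string for a JSON string literal so command lines cannot break the NDJSON framing.
pub fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 2);
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Render one ECS-shaped alert as a single JSON object with no embedded newline.
pub fn ecs_alert(rule: &SigmaRule, ev: &SysmonEvent) -> String {
    let process = format!(
        "{{\"executable\":\"{}\",\"command_line\":\"{}\",\"parent\":{{\"executable\":\"{}\"}}}}",
        json_escape(&ev.image), json_escape(&ev.command_line), json_escape(&ev.parent_image)
    );
    format!(
        "{{\"event\":{{\"kind\":\"alert\",\"code\":\"{}\",\"category\":[\"process\"],\"type\":[\"start\"]}},\"rule\":{{\"name\":\"{}\"}},\"process\":{}}}",
        ev.event_id, json_escape(rule.title), process
    )
}

/// Whole pipeline: normalize, match every rule, return one NDJSON line per hit.
pub fn run_pipeline(rules: &[SigmaRule], events: &[RawEtwEvent]) -> Vec<String> {
    let mut alerts = Vec::new();
    for ev in events.iter().filter_map(normalize) {
        for rule in rules.iter().filter(|r| rule_matches(r, &ev)) {
            alerts.push(ecs_alert(rule, &ev));
        }
    }
    alerts
}

/// Constructed sample rule: encoded PowerShell spawned by Word.
pub fn demo_rules() -> Vec<SigmaRule> {
    vec![SigmaRule {
        title: "Encoded PowerShell spawned by Word",
        selection: vec![
            ("Image", "endswith", "\\powershell.exe"),
            ("CommandLine", "contains", "-enc"),
            ("ParentImage", "endswith", "\\winword.exe"),
        ],
    }]
}

/// Constructed sample events: one hit, one benign process start, one non-process event.
pub fn demo_events() -> Vec<RawEtwEvent> {
    let p = "Microsoft-Windows-Kernel-Process";
    vec![
        RawEtwEvent { provider: p, task: "ProcessStart", props: BTreeMap::from([
            ("ImageName", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"),
            ("CommandLine", "powershell.exe -NoP -W Hidden -Enc SQBFAFgA"),
            ("ParentImageName", "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"),
        ]) },
        RawEtwEvent { provider: p, task: "ProcessStart", props: BTreeMap::from([
            ("ImageName", "C:\\Windows\\System32\\notepad.exe"),
            ("CommandLine", "notepad.exe \"notes.txt\""),
            ("ParentImageName", "C:\\Windows\\explorer.exe"),
        ]) },
        RawEtwEvent { provider: "Microsoft-Windows-Kernel-File", task: "FileCreate", props: BTreeMap::new() },
    ]
}

fn main() {
    for line in run_pipeline(&demo_rules(), &demo_events()) {
        println!("{}", line);
    }
}
```

Running it prints exactly one alert line for the WINWORD.EXE to powershell.exe event; the notepad start matches nothing and the file event never leaves the normalization stage. Matching is done on the normalized Sysmon field names, so the same rule logic applies whether the events came from an ETW provider or from Sysmon itself, and the JSON escaping step is what keeps an attacker-controlled command line from injecting extra lines into the NDJSON stream.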