C/C++ Performance Profiler

Adversary tradecraft detection, protection, and hunting

An advanced profiler for .NET Applications on Windows

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

Command line tracing tool for Windows, based on ETW.

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.

ETW Python Library

C# POC to extract NetNTLMv1/v2 hashes from ETW provider

Document ETW providers

CPU profiling trace viewer

A small real time SyncML protocol Viewer

Capture and parse CDP and LLDP packets on local or remote computers

Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

让Etwhook再次伟大! Make InfinityHook Great Again!

TraceSpy is a pure .NET, 100% free and open source, alternative to the very popular SysInternals DebugView tool.

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

.NET Logging adaptors

Two in one, patch lifetime powershell console, no more etw and amsi!