C/C++ Performance Profiler

Adversary tradecraft detection, protection, and hunting

Command line tracing tool for Windows, based on ETW.

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

A wireshark plugin to instrument ETW

Event Tracing For Windows (ETW) Resources

The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能， 而不用关心底层驱动的开发、维护和兼容性问题，让其可以专注于业务开发

My notes on software troubleshooting, covering debugging and tracing techniques and tools. Available at wtrace.net.

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

ETW Python Library

C# POC to extract NetNTLMv1/v2 hashes from ETW provider

Document ETW providers

Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool

Capture and parse CDP and LLDP packets on local or remote computers

A small real time SyncML protocol Viewer

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

让Etwhook再次伟大! Make InfinityHook Great Again!

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

.NET Logging adaptors

Command line tool to analyze one/many ETW file/s with simple queries for common issues.