etw-evasion

Star

Here are 11 public repositories matching this topic...

unkvolism / Fuck-Etw

Star

Bypass the Event Trace Windows(ETW) and unhook ntdll.

malware evasion red-team etw-evasion ntdll-unhooking

Updated Sep 29, 2023
C

EvilBytecode / Lifetime-Amsi-EtwPatch

Star

Two in one, patch lifetime powershell console, no more etw and amsi!

pentesting etw fud red-teaming amsi amsi-bypass amsi-evasion etw-evasion amsi-patch etw-bypass

Updated Apr 27, 2025
Go

chainski / PandaLoader

Star

A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.

obfuscation powershell persistence malware shellcode evasion pe-loader bypass-antivirus crypter shellcode-loader payload-generator xor-encryption redteam shellcode-encoder edr-bypass etw-evasion etw-bypass

Updated Sep 27, 2025
C++

0xflux / ETW-Bypass-Rust

Star

Event Tracing for Windows EDR bypass in Rust (usermode)

rust malware hacking pentesting etw malware-research pentest ethical-hacking red-team pentest-tool redteaming redteam edr ethical-hacking-tools redteam-tools edr-bypass edr-evasion etw-evasion etw-bypass

Updated Jun 9, 2024
Rust

mochabyte0x / TrampoLatte

Star

A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow

amsi-bypass amsi-evasion trampoline-hooking etw-evasion etw-bypass

Updated Jun 26, 2025
C

EvilBytecode / ETW-Patch

Star

code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).

etw evasion fud av-evasion etw-evasion etweventwrite etw-bypass

Updated Apr 21, 2025
Go

Gurpreet06 / ETW-Patcher

Star

Bypassing Event Tracing for Windows (ETW) with CSharp

hacking etw offsec offsensive-security etw-evasion etw-agent

Updated Jul 20, 2023
C++

ZephrFish / blind

Sponsor

Star

A BOF for patching AMSI, ETW and NtTraceEvent aka Sysmon using Trampolines

sysmon redteam etw-evasion amsi-patch

Updated Dec 7, 2025
C

chainski / Lifetime-Amsi-EtwPatch

Star

Loads a C# binary in memory within powershell profile, patching AMSI + ETW.

nim powershell etw offensive-security fud red-teaming pentesting-tools amsi-bypass amsi-evasion etw-evasion amsi-patch etw-bypass offensivenim

Updated Jul 22, 2025
Nim

mochabyte0x / DumbETW

Star

A proof of concept ETW consumer that captures userland events in real time, displays them, and saves them into an .etl file

etw etw-evasion etw-agent etweventwrite

Updated Mar 2, 2025
C

hamad-alhamad / NTDLL-Unhook

Star

🛠 Unhook and restore the NTDLL .text section using native API for x86/x64/wow64 systems, ensuring cleaner, safer access to NT API functions.

windows malware trojan av evasion bypass-av dropper malware-development apc worm ntdll edr ud malwares process-injection ransomeware edr-evasion etw-evasion ntdll-unhook

Updated Jan 31, 2026
C++

Improve this page

Add a description, image, and links to the etw-evasion topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the etw-evasion topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

etw-evasion

Here are 11 public repositories matching this topic...

unkvolism / Fuck-Etw

EvilBytecode / Lifetime-Amsi-EtwPatch

chainski / PandaLoader

0xflux / ETW-Bypass-Rust

mochabyte0x / TrampoLatte

EvilBytecode / ETW-Patch

Gurpreet06 / ETW-Patcher

ZephrFish / blind

chainski / Lifetime-Amsi-EtwPatch

mochabyte0x / DumbETW

hamad-alhamad / NTDLL-Unhook

Improve this page

Add this topic to your repo