Bypass the Event Trace Windows(ETW) and unhook ntdll.
-
Updated
Sep 29, 2023 - C
#
etw-evasion
Here are 10 public repositories matching this topic...
Two in one, patch lifetime powershell console, no more etw and amsi!
-
Updated
Apr 27, 2025 - Go
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.
obfuscation powershell persistence malware shellcode evasion pe-loader bypass-antivirus crypter shellcode-loader payload-generator xor-encryption redteam shellcode-encoder edr-bypass etw-evasion etw-bypass
-
Updated
Apr 24, 2025 - C++
Event Tracing for Windows EDR bypass in Rust (usermode)
rust malware hacking pentesting etw malware-research pentest ethical-hacking red-team pentest-tool redteaming redteam edr ethical-hacking-tools redteam-tools edr-bypass edr-evasion etw-evasion etw-bypass
-
Updated
Jun 9, 2024 - Rust
A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
-
Updated
Jun 26, 2025 - C
code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).
-
Updated
Apr 21, 2025 - Go
A BOF for patching AMSI, ETW and NtTraceEvent aka Sysmon using Trampolines
-
Updated
Apr 26, 2025 - C
Bypassing Event Tracing for Windows (ETW) with CSharp
-
Updated
Jul 20, 2023 - C++
Loads a C# binary in memory within powershell profile, patching AMSI + ETW.
nim powershell etw offensive-security fud red-teaming pentesting-tools amsi-bypass amsi-evasion etw-evasion amsi-patch etw-bypass offensivenim
-
Updated
Jul 22, 2025 - Nim
A proof of concept ETW consumer that captures userland events in real time, displays them, and saves them into an .etl file
-
Updated
Mar 2, 2025 - C
Improve this page
Add a description, image, and links to the etw-evasion topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the etw-evasion topic, visit your repo's landing page and select "manage topics."