YAMAGoya (Yet Another Memory Analyzer for malware detection and Guarding Operations with YARA and Sigma) is a C# application that leverages Event Tracing for Windows (ETW) to capture real-time system events. It applies detection rules written in...
Surveyor Advanced Windows kernel analysis and system profiling tool. Provides comprehensive visibility into kernel callbacks, ETW sessions, driver analysis, and system state through both userland APIs and optional kernel driver integration. Key features Kernel...
BamboozlEDR A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. BamboozlEDR features a TUI interface and can generate realistic security events across multiple Windows ETW providers to...
COMmander is a tool written in C# that can enrich defensive telemetry around RPC and COM. For a detailed blog post on the development of the tool and ruleset, see Jacob Acuna’s blog post COMmander leverages...
JonMon-Lite is a research proof-of-concept “Remote Agentless EDR” that creates an ETW Trace Session through a Data Collector Set. This session can be created locally or remotely. Events Collected JonMon-Lite collects the following data:...
There is no shortage of protective tools today, yet unfortunately, the number of threats continues to outpace them—particularly those that operate subtly and invisibly, penetrating the very core mechanisms of an operating system. Detecting...
RustPatchlessCLRLoader The RustPatchlessCLRLoader leverages a sophisticated integration of patchless techniques for bypassing both Event Tracing for Windows (ETW) and the Windows Antimalware Scan Interface (AMSI) across all threads with the goal of loading .NET...
