adanto / EtwTiViewer
Live ETW-TI event viewer for Windows kernel threat-intelligence telemetry. Research tool for exploring the same signals commercial EDRs rely on.
EtwTiViewer is a research tool that visualizes live Windows threat intelligence telemetry events for studying low-level security operations like process injection and memory manipulation.
How It Works
EtwTiViewer is a viewer for the Windows kernel's threat-intelligence ETW provider (ETW-TI), the telemetry source behind much of what commercial EDRs detect, intended for researchers studying process injection and memory manipulation.
Set up an isolated virtual machine for the work; the later steps involve a debugger and a change to the viewer's process protection, neither of which belongs on your daily machine.
Following the project's build instructions, build the background helper component and the viewer application inside the test VM.
Install the background helper into the test VM so it can observe system activity.
Launch the viewer; its status indicators show whether each component (helper and provider) is connected.
While the viewer is running, use a debugger to give its process the protection level that ETW-TI requires: the Microsoft-Windows-Threat-Intelligence provider delivers events only to protected anti-malware (PPL) processes, which is why an ordinary process cannot simply subscribe to it.
Pick the event categories you are interested in, click Start, and live events stream into the table.
Watch real-time events about memory operations and injection, log them to a file if needed, and keep the experimentation inside the VM.
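Before clicking Start, a practitioner usually wants to confirm that the provider is actually registered on the test VM and to see which event categories (ETW keywords) it exposes, since that list is what any selection in a viewer maps onto. The PowerShell below is an added example for this page, not code from the EtwTiViewer project. It assumes the provider behind "ETW-TI" is Microsoft-Windows-Threat-Intelligence, that logman.exe is present (it ships with Windows), and that the two keyword names in `$Wanted` are placeholders to replace with entries from the printed list.

```powershell
# Added example, not part of the EtwTiViewer project: pre-flight checks to run inside the
# test VM before choosing event categories in the viewer.
# Assumption: the kernel threat-intelligence provider is Microsoft-Windows-Threat-Intelligence.
$Provider = 'Microsoft-Windows-Threat-Intelligence'

# 1. Confirm the provider is registered and capture its keyword table.
$raw = & logman.exe query providers $Provider 2>&1
if ($LASTEXITCODE -ne 0) {
    throw "logman could not query '$Provider' (exit $LASTEXITCODE): $($raw -join ' ')"
}

# logman prints several tables (Provider/GUID, Value/Keyword, Value/Level, PID/Image).
# Only the rows between the 'Value  Keyword' header and the next blank line are keywords;
# the Level table also starts with hex values, so track which table we are in.
$keywords   = [ordered]@{}
$inKeywords = $false
foreach ($line in $raw) {
    if ($line -match '^\s*Value\s+Keyword') { $inKeywords = $true; continue }
    if ($inKeywords -and [string]::IsNullOrWhiteSpace($line)) { $inKeywords = $false; continue }
    if ($inKeywords -and $line -match '^\s*0x([0-9A-Fa-f]+)\s+(\S+)') {
        $keywords[$Matches[2]] = [Convert]::ToUInt64($Matches[1], 16)
    }
}
if ($keywords.Count -eq 0) {
    throw "No keyword table found in logman output for '$Provider'"
}

"Provider '$Provider' exposes $($keywords.Count) keywords:"
$keywords.GetEnumerator() | ForEach-Object { '  0x{0:X16}  {1}' -f $_.Value, $_.Key }

# 2. Build the keyword mask (what an ETW consumer passes as MatchAnyKeyword when enabling
#    the provider) for the categories you intend to watch. The names below are placeholders
#    (assumed, not taken from the project): replace them with entries printed by step 1.
$Wanted = @('KERNEL_THREATINT_KEYWORD_ALLOCVM_REMOTE', 'KERNEL_THREATINT_KEYWORD_WRITEVM_REMOTE')
$mask = [uint64]0
foreach ($name in $Wanted) {
    if (-not $keywords.Contains($name)) {
        throw "Keyword '$name' is not exposed by $Provider; pick one from the list above"
    }
    $mask = $mask -bor $keywords[$name]
}
'MatchAnyKeyword for the selected categories: 0x{0:X16}' -f $mask
```

Querying the provider needs no special privilege, so running this before the debugger step tells you whether a missing provider or a wrong keyword name is the problem rather than the protection level. Note that it only inspects the registration; whether events actually arrive still depends on the consuming process having the anti-malware PPL protection described in the step above.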