ETW Patching Module
Version v2.0
Difficulty Advanced
Downloads 10,065
Rating (0.00)
Updated 2025-03-15
Category Evasion & Stealth

$149.99

Disables ETW tracing in the current process:

  • EtwEventWrite patch — Patches ntdll!EtwEventWrite to return immediately (ret 0).
  • Provider disable — Disables specific providers: Microsoft-Windows-Threat-Intelligence, DotNET-Runtime.
  • Kernel ETW — Technique for disabling kernel-level ETW via NtSetSystemInformation (requires admin).
  • Selective patching — Patches only the providers that monitor offensive activity, leaving the rest intact to reduce suspicion.
  • Restore function — Restores the original bytes on completion so that no evidence of tampering is left.
