Windows

Windows notifier tool that detects RDP, SMB and RPC connections by monitoring ETW event logs

Jan 13, 2023 1 min read

ETWMonitor

Windows notifier tool that detects RDP, SMB end RPC connections by monitoring ETW event logs

Changelog

On last version (V 1.1) : – Detect and notify WinRM connections – System tray icon when running

V 1.0 : – Detect and notify RDP, SMB and RPC connections

What da fuck is this ?

On Windows, ETW (for Event Tracing for Windows) is a mechanism to trace and log events that are raised by user-mode applications and kernel-mode drivers. ETWMonitor monitors events in real time to detect suspicious network connections.

Installation

Compile with Visual Studio 2022 and launch ETWMonitor.exe as Administrator.

Future improvements

– Include more protocols detections – Build a Client-Server version with Agents and a collector server

GitHub

View Github

Windows Notify

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.