Saturday, May 24, 2025
HomeForensics ToolsSilkETW - New Free Threat Intelligence Tool to Capture and Analyze Windows...

SilkETW – New Free Threat Intelligence Tool to Capture and Analyze Windows Events Logs

Published on

SIEM as a Service

Follow Us on Google News

SilkETW is a flexible tool aimed to reduce the complexities of ETW(Event Tracing for Windows) and to put actionable data in the hands of researches on both the defensive and offensive side.

ETW is a kernel-level tracing facility that allows tracing the kernel logs or application-defined events logs. SilkETW makes the job straightforward by providing an interface for data collection, various filtering mechanics, and an output format that can be easily processed.

“SilkETW is not solely a defensive tool. ETW data can be used for diagnostics, it can help in reverse engineering, vulnerability research, detection, and evasion.”

- Advertisement - Google News
SilkETW

SilkETW developed by FireEye, it provides a simple interface to record trace data and the output can be extracted is JSON format.

The extracted data can be imported to PowerShell locally or to 3rd party infrastructure such as Elasticsearch for event filtering.

The tool is developed.Net v4.5, a number of 3rd party libraries and Yara functionality to filter or tag event data.

https://twitter.com/FireEye/status/1108405586595627013

By having the data in hand it is easy to filter the exact event that you want to trace, here researchers demonstrated by identifying a Mimikatz execution.

Also, the SilkETW includes a number of command line flags that allow the user to restrict the events that are captured.

It includes the following capabilities such as event name, the process ID, the process name, and the opcode.

The data collection can be triggered by using the command .NET ETW data and the “-yo” option here indicates that it will write only the Yara matches to file.

SilkETW.exe -t user -pn Microsoft-Windows-DotNETRuntime -uk 0x2038 -l verbose -y
C:\Users\b33f\Desktop\yara -yo matches -ot file -p C:\Users\b33f\Desktop\yara.json

SilkETW is currently research focused data-collection tool with robust yet rudimentary capabilities. the tool can be downloaded on GitHub.

Learn : Complete Hacking Tools in Kali Linux Operating System

Also Read:

A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals

Most Important Security Tools and Resources For Security Researcher and Malware Analyst

fsociety a Complete Hacking Tools pack that a Hacker Needs – Penetration Testing Framework

These are the Top 5 Publicly Available Hacking Tools Mostly used By Hackers

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection

The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of backdoor malware...

Europol Launches Taskforce to Combat Violence-as-a-Service Networks

Europol has announced the launch of a powerful new Operational Taskforce (OTF), codenamed GRIMM, to...

How To Use Digital Forensics To Strengthen Your Organization’s Cybersecurity Posture

Digital forensics has become a cornerstone of modern cybersecurity strategies, moving beyond its traditional...