Monday, October 16, 2017
Home / Downloads / Fibratus – tracing the Windows Kernel

Fibratus – tracing the Windows Kernel

Fibratus is a tool which is able to capture the most of the Windows kernel activity – process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and much more. Fibratus has a very simple CLI which encapsulates the machinery to start the kernel event stream collector, set kernel event filters or run the lightweight Python modules called filaments. You can use filaments to extend Fibratus with your own arsenal of tools.

Download the latest release here.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Unveiling the mask V1.0

Unveiling the mask V1.0, pdf write up and analysis by Kaspersky Labs. Excerpt from the …