A new update of ETWPM2Monitor2.1 is now ready after days of working on this (some bugs fixed), and I will publish this new version soon [after a little bit of new code ;D]. It is almost ready. As you can see, Ekko was detected via the Extended Memory Scanners... All these logs will be saved in the Windows event log too and will be added to the System/Detection Logs tab....
This tool was created in 2021, and after 2 years it is now better than before, but it still has some bugs ;D. It is better than before because of some external code and Memory Scanners made by others, so I should say thanks to all the Blue Team developers and Red Team developers who helped me make this project, ETWPM2Monitor2.1...
Note: A new Memory Scanner [Hunt-Sleeping-Beacons] has been added to my #blueteam tool "#ETWPM2Monitor2" v2.1. The test went well, but it still needs some new code to be better than this; the code is almost ready now. My tool has a new #memoryscanner, which is for #detecting #Sleepmasking and #Delay of code for #Beacons etc.
This tool really needed something like this to cover the gap in detection... This new scanner will scan processes every 60 seconds, but in the future I will add some smarter code so it detects processes better than this and ... In this case the new scanner works independently, and even without starting ETWProcessMon2.exe this scanner will work in ETWPM2Monitor2.1. As you know, ETWPM2Monitor2.1 needs to work with #ETW #events via [running ETWProcessMon2.exe] etc.
#blueteam #pentesting #pentest #redteam #defender #defensivesecurity #defensive #defensivetools #monitoring #huntbeacons #beacons #cobaltstrike #soc #threatdetection #threathunting