Source code for the new version 2.1.51.590 of ETWPM2Monitor2.1 (blue-teaming tool) is published.
In this version some bugs are fixed and a new tab called "Alarms by Memory Scanner" has been added. I did not add the events of this new tab to the Windows event log because of the many false positives, so in this update I decided to show these events only in the tab, without adding them to the WinEventLog called ETWPM2Monitor2...
This code needs more testing, but I think it's time to publish the new version ;)

ETWPM2Monitor2.1 C# Source code => https://lnkd.in/eFnn2TzQ

#blueteam #soc #threathunting #pentesting #redteam #etw #monitoring #eventlogs #memoryscanner #scanner #inmemory


Sliver-C2 and moving from Beacon Mode to Session Mode ...

With AV bypassed, working with some C2 server, like Sliver, is really important...
#c2c #blueteam #soc #threathunting #pentesting #redteam #etw #monitoring #eventlogs #memoryscanner #scanner #inmemory

The new update of the ETWPM2Monitor2.1 code is now ready after days of working on this (some bugs fixed), and I will publish this new version soon [after a little bit of new code ;D]. It is almost ready; as you can see, Ekko is detected via the Extended Memory Scanners... All these logs will be saved to the Windows event log too and will be added to the System/Detection logs tab....

This tool was created in 2021, and after 2 years it is now better than before, but it still has some bugs ;D. It is better than before because of some external code and memory scanners made by others, so I should say thanks to all the blue-team developers and red-team developers who helped me make this project, ETWPM2Monitor2.1...

Note: a new memory scanner [Hunt-Sleeping-Beacons] has been added to my #blueteam tool "#ETWPM2Monitor2" v2.1. The test was good, but it still needs some new code to be better than this; the code is almost ready now. My tool has a new #memoryscanner which is for #detecting #Sleepmasking and #Delay of code for #Beacons etc.

This tool really needed something like this to cover the gap in detection... This new scanner scans processes every 60 seconds, but in the future I will add some smarter code to detect processes better than this. In this case the new scanner works independently: even without starting ETWProcessMon2.exe, this scanner will work in ETWPM2Monitor2.1. As you know, ETWPM2Monitor2.1 needs to work with #ETW #events via [running ETWProcessMon2.exe] etc.

#blueteam #pentesting #pentest #redteam #defender #defensivesecurity #defensive #defensivetools #monitoring #huntbeacons #beacons #cobaltstrike #soc #threatdetection #threathunting
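For readers who want to see what a "sleeping beacon" sweep like the one described above looks like in code, here is an added C# example. It is not the ETWPM2Monitor2.1 source and not the Hunt-Sleeping-Beacons code; it implements one simplified heuristic in the same spirit: a thread parked in a DelayExecution wait (the state `Sleep()`/`NtDelayExecution` leaves a thread in) whose Win32 start address is not backed by an image on disk. Class and method names are my own, the 60-second cadence is taken from the post, and the P/Invoke declarations follow the documented Win32/ntdll signatures. It needs an elevated 64-bit process; protected processes are skipped. Expect false positives from legitimately generated code, which is why a production scanner adds further checks (for example on the sleeping thread's call stack) before raising an alarm.

```csharp
// Added example (not the project's code): sweep all processes for threads sleeping
// in DelayExecution whose start address is outside any loaded module (MEM_IMAGE).
// Build as x64 console app, run elevated.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class SleepingBeaconScanner
{
    const uint PROCESS_QUERY_INFORMATION = 0x0400;
    const uint THREAD_QUERY_INFORMATION  = 0x0040;
    const int  ThreadQuerySetWin32StartAddress = 9;   // THREADINFOCLASS value
    const uint MEM_IMAGE = 0x1000000;                 // region type for mapped images

    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress; public IntPtr AllocationBase; public uint AllocationProtect;
        public IntPtr RegionSize;  public uint State;            public uint Protect; public uint Type;
    }

    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr OpenThread(uint access, bool inherit, uint tid);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool CloseHandle(IntPtr h);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualQueryEx(IntPtr hProcess, IntPtr addr, out MEMORY_BASIC_INFORMATION mbi, IntPtr length);
    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationThread(IntPtr hThread, int infoClass, out IntPtr info, int infoLength, IntPtr returnLength);

    public sealed class Finding
    {
        public int Pid; public string Image; public int Tid; public long StartAddress; public uint RegionType;
        public override string ToString() =>
            $"PID {Pid} ({Image}) TID {Tid} sleeping, start address 0x{StartAddress:X} is non-image memory (type 0x{RegionType:X})";
    }

    // One full sweep; returns every thread matching the heuristic.
    public static List<Finding> ScanOnce()
    {
        var findings = new List<Finding>();
        int self = Process.GetCurrentProcess().Id;
        foreach (var p in Process.GetProcesses())
        {
            if (p.Id == self || p.Id <= 4) continue;          // skip ourselves, Idle and System
            IntPtr hProc = OpenProcess(PROCESS_QUERY_INFORMATION, false, p.Id);
            if (hProc == IntPtr.Zero) continue;                // access denied / protected process
            try
            {
                foreach (ProcessThread t in p.Threads)
                {
                    // Sleep()/NtDelayExecution park the thread in a Wait with reason ExecutionDelay.
                    if (t.ThreadState != System.Diagnostics.ThreadState.Wait ||
                        t.WaitReason != ThreadWaitReason.ExecutionDelay) continue;

                    IntPtr hThread = OpenThread(THREAD_QUERY_INFORMATION, false, (uint)t.Id);
                    if (hThread == IntPtr.Zero) continue;
                    try
                    {
                        if (NtQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress,
                                out IntPtr start, IntPtr.Size, IntPtr.Zero) != 0) continue;
                        if (VirtualQueryEx(hProc, start, out var mbi,
                                (IntPtr)Marshal.SizeOf<MEMORY_BASIC_INFORMATION>()) == IntPtr.Zero) continue;

                        // A normal thread entry point lives inside a loaded module (MEM_IMAGE).
                        // MEM_PRIVATE or MEM_MAPPED here means code that was never loaded from disk.
                        if (mbi.Type != MEM_IMAGE)
                            findings.Add(new Finding { Pid = p.Id, Image = p.ProcessName, Tid = t.Id,
                                                       StartAddress = start.ToInt64(), RegionType = mbi.Type });
                    }
                    finally { CloseHandle(hThread); }
                }
            }
            catch (Exception) { /* process exited or thread list unreadable mid-scan: skip it */ }
            finally { CloseHandle(hProc); }
        }
        return findings;
    }

    static void Main()
    {
        while (true)                                          // same 60-second cadence as the post
        {
            foreach (var f in ScanOnce()) Console.WriteLine($"[{DateTime.Now:HH:mm:ss}] ALARM: {f}");
            System.Threading.Thread.Sleep(60_000);
        }
    }
}
```

The scan deliberately opens processes with PROCESS_QUERY_INFORMATION only, which is enough for VirtualQueryEx and the thread start-address query, so it does not need to read the target's memory at all; the alarm is based purely on where the sleeping thread's entry point lives.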

OK, I want to share something for #Blueteamers about the "#chatgpt" or "#Youdotcom" #ai websites: how good/helpful they are for you and how you can use them to make your own #defensive tools (very fast). But as a #developer you will always have your own #bugs, so you need to work hard on these things. I will create an article about this, but in this post I will show you, with very basic steps, that you can make your own C# or C++ tools for [Remote thread injection Detection]. As you can see in "you.com", my search was for monitoring the #sysmon event log [#realtime] via C# for two EIDs, 8 and 25 (but you need the process creation/network connection event IDs too), and our search result has two codes which both have the same result. So now with #csharp you can detect these events (kind of real-time). Also you need a memory scanner; my simple search result was something like this pic, but I did not test that (for sure, whether it is working or not), as I had my own #memoryscanner tools and C# code ;D, ...

Note: sometimes the code on these AI platforms, which was made by others, is better than your own old code, so you can replace it (for example, for the memory scanner I will test this simple code, which seems to be better and faster than some parts of my own code ;D, but I should test it in my LAB for sure...)

And finally you can see my own blue-teaming tool "SysPM2Mon2.7.exe" (the background of its code was something like the steps in these pictures, but my memory scanner is "Pe-sieve.exe" + my own C# code for the memory scanner; I had 2 memory scanners in this tool ;D).
So as you can see, as a #Pentester and #SecurityResearcher I made my own blue-teaming tools (#opensource, available in my GitHub), so you can do the same things with your own IDEA, but now with these #ai websites, "Chatgpt", "YOU.COM", ..., you can make them faster and much better...
I will create an article about this, but I am working on my own things and research for my new ebook, also some code for the ebook, so I am too busy to make the article now, but I will create it ;)
#blueteam #redteam #pentesting #securityresearch #defensive #ai #chatgpt #youdotcom
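As an added example of the real-time Sysmon monitoring the post talks about, here is a C# watcher for EID 8 (CreateRemoteThread) and EID 25 (ProcessTampering). This is not the author's code and not the you.com search result shown in the pictures; it uses the documented System.Diagnostics.Eventing.Reader API (EventLogQuery, EventLogWatcher, EventRecordWritten) and reads the Sysmon fields by their Name attribute from the event XML rather than by position in Properties, which breaks when Sysmon's schema adds fields. Class and method names are my own, the field names follow Sysmon's published schema for EID 8 and 25, and the sample event at the bottom is constructed for an offline smoke test. Running the live watcher requires Sysmon with those events enabled and an elevated process (or membership in Event Log Readers). As the post says, a real tool would extend the XPath to EID 1 and 3 as well.

```csharp
// Added example (not the author's code): real-time subscription to Sysmon EID 8/25.
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Xml.Linq;

static class SysmonInjectionWatcher
{
    const string SysmonLog = "Microsoft-Windows-Sysmon/Operational";
    // XPath filter applied by the event log service: only EID 8 and 25 are delivered.
    // Extend to "(EventID=1 or EventID=3 or EventID=8 or EventID=25)" for process/network context.
    const string Query = "*[System[(EventID=8 or EventID=25)]]";

    // Flatten <EventData><Data Name="...">value</Data></EventData> into a dictionary.
    public static Dictionary<string, string> ParseEventData(string eventXml)
    {
        var doc = XDocument.Parse(eventXml);
        XNamespace ns = doc.Root.GetDefaultNamespace();
        var fields = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var d in doc.Descendants(ns + "Data"))
        {
            var name = (string)d.Attribute("Name");
            if (name != null) fields[name] = d.Value;
        }
        return fields;
    }

    static string F(Dictionary<string, string> e, string key) => e.TryGetValue(key, out var v) ? v : "?";

    // One alarm line per event, the way a detection tab or event-log entry would show it.
    public static string Describe(int eventId, Dictionary<string, string> e)
    {
        switch (eventId)
        {
            case 8:   // CreateRemoteThread: injector -> victim, plus where the new thread starts
                return $"EID 8 CreateRemoteThread: {F(e, "SourceImage")} (PID {F(e, "SourceProcessId")}) -> " +
                       $"{F(e, "TargetImage")} (PID {F(e, "TargetProcessId")}) " +
                       $"StartAddress={F(e, "StartAddress")} StartModule={F(e, "StartModule")} StartFunction={F(e, "StartFunction")}";
            case 25:  // ProcessTampering: Sysmon's Type field says e.g. that the image was replaced
                return $"EID 25 ProcessTampering: {F(e, "Image")} (PID {F(e, "ProcessId")}) Type={F(e, "Type")}";
            default:
                return $"EID {eventId}: unexpected event";
        }
    }

    // Constructed sample (not a real capture) so Describe() can be exercised without Sysmon.
    const string SampleEid8 =
        "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
        "<System><EventID>8</EventID></System><EventData>" +
        "<Data Name='SourceImage'>C:\\Users\\lab\\loader.exe</Data><Data Name='SourceProcessId'>4242</Data>" +
        "<Data Name='TargetImage'>C:\\Windows\\explorer.exe</Data><Data Name='TargetProcessId'>1337</Data>" +
        "<Data Name='StartAddress'>0x00007FF6A1B20000</Data><Data Name='StartModule'>-</Data>" +
        "<Data Name='StartFunction'>-</Data></EventData></Event>";

    static void Main()
    {
        Console.WriteLine("Sample: " + Describe(8, ParseEventData(SampleEid8)));

        var watcher = new EventLogWatcher(new EventLogQuery(SysmonLog, PathType.LogName, Query));
        watcher.EventRecordWritten += (sender, args) =>
        {
            if (args.EventRecord == null) return;             // args.EventException carries the error
            using (var rec = args.EventRecord)
            {
                var fields = ParseEventData(rec.ToXml());
                Console.WriteLine($"[{rec.TimeCreated?.ToString("HH:mm:ss")}] {Describe(rec.Id, fields)}");
            }
        };
        watcher.Enabled = true;                                // start receiving new records
        Console.WriteLine("Watching Sysmon EID 8/25, press Enter to stop.");
        Console.ReadLine();
        watcher.Dispose();
    }
}
```

An EID 8 whose StartModule and StartFunction are "-" (no module owns the start address) is the classic remote-thread-injection shape and is what a detection tab should highlight; an EID 8 from a known tool into its own child with a resolvable StartFunction is usually noise.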