ActiveEndpointInspectorSuite - Baseline-Driven Threat Hunting on Windows - Overview and Usage

Описание: Other content:    • Michał Sołtysik - Cybersecurity content  

Official website: https://michalsoltysik.com/

Michał Sołtysik is a Cybersecurity Consultant and Blue Team, Purple Team, and Red Team Analyst, bringing a broad and in-depth range of expertise to his cybersecurity practice.

He is also a Digital and Network Forensics Examiner, Cyber Warfare Organizer, and SOC Trainer, specializing in SOC operational capability and maturity development, network edge traffic profiling, and adversary emulation in EDR testing.

GitHub repository: https://github.com/MichalSoltysikSOC/...

In this video, I demonstrate Active Endpoint Hash & IP Inspector Suite, a Windows endpoint inspection suite designed to support baseline creation, threat hunting, and Blue Team operations.

0:00 - ActiveEndpointInspectorSuite correlates multiple endpoint perspectives in a single Windows GUI, including:

(1) Running processes with SHA-256 hashing.
(2) Network connections correlated with owning processes.
(3) Windows services and their binaries.
(4) Scheduled tasks expanded into individual actions.
(5) Common Windows autostart persistence mechanisms.

The suite supports optional reputation enrichment using VirusTotal and AbuseIPDB, allowing analysts to quickly enrich findings while maintaining a baseline-first workflow.

In this demo, I walk through:

4:56 - (1) Accepting API access notices, configuring session-only API keys, and understanding button behavior for baseline creation and detection of newly introduced items.
8:30 - (2) Creating a clean baseline across all modules.
9:40 - (3) Using Skip-based scanning to focus only on newly introduced artifacts.
15:33 - (4) Detecting processes, network connections, services, scheduled tasks, and autostart entries created by a pseudo-malware sample.
19:10 - (5) Exporting collected evidence and logs to CSV for further analysis and reporting.

21:32 - This tool is designed to assist with malware analysis, persistence hunting, and endpoint triage, while emphasizing that reputation data should never be used as the sole decision factor.

All tools shown in this video are free for personal and commercial use.

Contact:
Mail: [email protected]
LinkedIn:   / michal-soltysik-ssh-soc  
GitHub: https://github.com/MichalSoltysikSOC
Accredible: https://www.credential.net/profile/mi...
Credly: https://www.credly.com/users/michal-s...