[New Tool] El Jefe v2.1 – Windows Process Monitoring Released

El Jefe (pronounced ‘ell-HEFF-ay’) is a Windows-based process monitoring solution. El Jefe produces a unique view into how processes are created, what privileges they possess and what child processes they spawn. All of this information is stored and categorized on a central logging server, which lets a user quickly spot suspicious behaviour that could indicate compromise or malware proliferation.

Changelog v2.1

  • Improved error handling and logging in client and server.
  • Added Cuckoo integration with the web UI (so far only to view Cuckoo’s configuration and configured machines).
  • Improved Cuckoo reports in the web UI; reports are now more detailed.
  • Added a web UI feature to select a specific VM for Cuckoo analysis.
  • Added Camal integration.
  • Added remote VMware integration: the VMware server can now run on a different host than the Cuckoo Sandbox.
  • Added client verification on the server.
  • Improved the web UI station listing; a “last seen” column was added.
  • Installer settings (username, password, server and port) are set from the web UI. If a new user is entered on this form, the user is created automatically, so there is no need to use scripts/addxmluser.py anymore.
  • Added proxy support.
  • Added event filters that trigger an email warning or a sandbox analysis of the suspicious binary.
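As an added example (not El Jefe’s own code) of the event-filter idea above, here is a minimal filter run over constructed process-creation records of the kind a process monitor collects (parent, child, image path, privileges). The record fields, rule names, sample processes and the email/sandbox action labels are assumptions, not El Jefe’s schema; the actions are only labelled, not dispatched.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class ProcEvent:  # one process-creation record; field set is assumed, not El Jefe's
    pid: int
    ppid: int
    image: str      # executable name, lower-case
    path: str       # full image path as reported by the client
    elevated: bool  # process holds a high-integrity / administrative token

@dataclass(frozen=True)
class Alert:
    rule: str
    pid: int
    action: str     # what the filter would trigger: "email" or "sandbox"

OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}

# (rule name, predicate over the event and its resolved parent or None, action)
RULES = [
    # Document handlers have no business launching shells or script hosts.
    ("office-spawns-shell", lambda e, p: p is not None and p.image in OFFICE and e.image in SHELLS, "sandbox"),
    # Child holds an elevated token although its parent did not.
    ("elevated-child", lambda e, p: p is not None and e.elevated and not p.elevated, "email"),
    # Binary started from a user-writable temp directory.
    ("binary-from-temp", lambda e, p: "\\temp\\" in e.path.lower(), "sandbox"),
]

def evaluate(events: List[ProcEvent]) -> List[Alert]:
    """Apply every rule to every event; the parent is looked up by ppid."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    alerts: List[Alert] = []
    for e in events:
        parent = by_pid.get(e.ppid)  # None when the parent was not recorded
        alerts += [Alert(name, e.pid, action) for name, pred, action in RULES if pred(e, parent)]
    return alerts

# Constructed sample chain: explorer -> winword -> powershell -> elevated binary in Temp.
SAMPLE_EVENTS = [
    ProcEvent(400, 1, "explorer.exe", r"C:\Windows\explorer.exe", False),
    ProcEvent(512, 400, "winword.exe", r"C:\Program Files\Microsoft Office\winword.exe", False),
    ProcEvent(640, 512, "powershell.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", False),
    ProcEvent(700, 640, "svc.exe", r"C:\Users\alice\AppData\Local\Temp\svc.exe", True),
    ProcEvent(800, 400, "notepad.exe", r"C:\Windows\notepad.exe", False),
]

if __name__ == "__main__": print(*evaluate(SAMPLE_EVENTS), sep="\n")
```

On the sample chain the filter raises three alerts: the PowerShell child of Word, and two for the elevated binary in Temp (one per rule that matched).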


Supported Platforms and Installations

  • Client: Windows 2000/XP (32/64) to Windows 7 (32/64)
  • Server: VMware Player/Workstation


More Information:


Download El Jefe v2.1

MaxiSoler

www.artssec.com @maxisoler