Hacks Weekly #7: Sysmon - how to set up, update and use?

In this tutorial, I will show you how to set up Sysmon correctly, as well as how to update it with a custom configuration. In addition, I'm super excited to show you tools that our team wrote to support system logging and to extract information about what is happening, for example, with your processes communicating with the network. Let’s dive into Sysmon.

Comments

You are simply awesome. No words to say. I have never seen such a video.

shanifsalim

Thank you so much for the video :) Please share data exfiltration technique detection using Sysmon if possible.

hemav

Thank you very much Paula, this really helped me to understand Sysmon in depth. Is it possible to include how much data (in KB or MB) went out on the destination port, i.e. the size of the data? This is the thing lacking in the CQSysmonNetAnalyzer tool, which is really a great tool. Please reply, or if you can, guide me on how to get this as well.

shahg

We got a beautiful instructor and an excellent teacher. Good stuff you teach, my friend, good stuff.

jackhammer

I'm currently trying to inform myself more about Microsoft security tooling etc. Eventually I want to specialise in pentesting; what documentation and certifications do you recommend? Right now I'm doing 70-744, which is pretty new.

fadinoufal

Thank you very much for this useful video. However, I have an issue: when I load the XML configuration file, the Sysmon service crashes, so I need to launch it manually. Do you have any idea what is happening? For information, I'm using Windows 7.

cruor

So are you always sitting on the floor like this with your computer when you do your IT stuff? :-D Very cool video... you present it in a much more "live" way than the usual "we are sitting or standing straight at our desks like in the news shows" way :-D

Lofote

All volumes are turned to full on my laptop and the video is still too quiet; some dialogue is hard to hear.

ianhj

Good stuff, but not clear... how does config.xml work? I typed the file and saved it to the same folder as Sysmon, but it doesn't seem to work.

robivy

Cool video, but is it possible to speak a little bit louder? My volume on YouTube and on my laptop are both at full and I still have problems hearing what you are saying :)

jeliazkozlatev

CQuire Tools found Skeeya! trojan in your tools and flagged it?

austinmurphy

I can't seem to update the config for Sysmon. Need help.

sriramgiri

Good video, but I was wondering, why are you almost whispering? I mean, not only in this video, but in almost all of your videos. Don't worry, the mic does not bite :) Maybe you could boost the volume next time when editing videos? Peace ;)

pokusnevidea

The schema version it exported was incorrect.

marcus.edmondson