Learning Sysmon - Network Connection (Video 8)

preview_player
Показать описание
In this video, Research Team Lead Carlos Perez goes over how to build a baseline for the system so it is easier to stop outliers in the log for C2 connections, Lateral Movement and Data exfiltration.

Sysmon Modular:

Sysmon Community Guide:

PSGumshoe PowerShell Module

Sysmon Visual Studio Code Extension

Olaf Sysmon Modular video

00:00 Intro
01:58 Fields for the Event
03:12 Controlling Reverse DNS Lookup
04:00 Building a Baseline
10:14 Final Recommendations
  1. TrustedSec
Рекомендации по теме
Learning Sysmon - 0:13:50

Learning Sysmon - Network Connection (Video 8)

Learning Sysmon - 0:11:45

Learning Sysmon - What is Sysmon? (Video 1)

What is sysmon? 0:11:55

What is sysmon? How to use it.

Sysmon Guides: NetworkConnect 0:09:47

Sysmon Guides: NetworkConnect Sysmon

Level-up your host-based 0:12:06

Level-up your host-based monitoring with Sysmon

Learning Sysmon - 0:20:21

Learning Sysmon - Sysmon Configuration File (Video 4)

How To Setup 0:14:35

How To Setup ELK | Elastic Agents & Sysmon for Cybersecurity

How to get 0:10:56

How to get started with Microsoft Sysinternals' Sysmon advanced event logging

Windows SYSMON | 0:58:21

Windows SYSMON | SANS ICS Concepts

Detecting Command and 0:28:07

Detecting Command and Control Frameworks via Sysmon and Windows Event Logging

Hacks Weekly #7: 0:21:33

Hacks Weekly #7: Sysmon - how to set up, update and use?

Learning Sysmon - 0:05:56

Learning Sysmon - Tracking DNS Queries (Video 19)

How to Write 0:10:39

How to Write Sysmon Rules: Getting Fancy(Bear) With Sysmon to Find APT Level Cyber Security Threats

Sysinternals: System Monitor 0:23:00

Sysinternals: System Monitor deep dive (demo) | Sysmon, device, driver, Windows | Microsoft

What is Sysmon? 0:06:43

What is Sysmon? | Day 8

Using Sysmon to 3:40:01

Using Sysmon to Improve your Incident Response and Threat Hunting Capabilities

Learning Sysmon - 0:13:34

Learning Sysmon - Command Line Configuration (Video 3)

Using Sysmon to 0:04:56

Using Sysmon to analyze a malware sample

Sysmon (System Monitor) 0:16:05

Sysmon (System Monitor)

Learning Sysmon - 0:15:44

Learning Sysmon - Detecting abuse via Process Access (Video 10)

The Sysmon Update 1:15:39

The Sysmon Update is Here | Gerard Johansen | 1-Hour

What is sysmon? 0:12:15

What is sysmon? How do I use it?

Defrag Tools - 0:17:12

Defrag Tools - Learn Sysinternals Sysmon with Mark Russinovich

SW Webinar: SYSMON 1:00:36

SW Webinar: SYSMON Gaining Visibility Into Your Enterprise

Комментарии
Автор

very useful information, thx for uploading & sharing!!!!

monnombre
Автор

very nice method to simply pull all the regular events running on your machine 👍

SIEMEnjoyer