Entries by Adrian Shaw

Putting attackers in hi vis jackets with sysmon

Background

Sysmon (short for System Monitor) has been part of the Sysinternals suite for several years. It comprises a kernel-mode driver and a Windows service that monitors system events and writes them to the Windows event log. The fact that it is a kernel-mode driver gives it a significant advantage over many other monitoring agents. As […]