sysmon Archives - LRQA Nettitude Labs

PoshC2

LRQA Nettitude Command & Control Framework - Free and Open Source

Download
Vulnerability Research

Regular vulnerability disclosures

CVEs
Red Team Training

Learn to be the best, from the best

Sign up

Effectively analysing sysmon logs

We previously covered setting up and using sysmon (System Monitor), which is part of the Sysinternals suite from Microsoft. In this article, we’ll walk through analysing the logs using Microsoft’s LogParser utility. […]

By Adrian Shaw|2017-03-09T12:08:48+00:00March 9, 2017|

Putting attackers in hi vis jackets with sysmon

Background Sysmon (short for system monitor) has been part of the Sysinternals suite for several years. It comprises kernel-mode driver and a Windows service that monitors system events and writes those to Windows [...]

By Adrian Shaw|2017-02-16T19:05:44+00:00February 16, 2017|