Today, on the 25th birthday of Sysinternals, Sysmon 1.0.0 for Linux has been released, and it is open source software!

This short blog is a quick overview of the capabilities to give you an idea of what you can expect from this initial release.

Installing Sysmon for Linux

Sysmon relies on their implementation of…

In today’s edition, we’ll cover two techniques: suspicious parent-child process relationships and impersonation with the RunAs command.

Today’s content

  • Suspicious parent-child process relationships
  • Impersonation using ‘RunAs’

Suspicious parent-child relationships for operating system processes

As referenced in an article earlier this year by the cool folks from Elastic, current solutions for malware detection (AV & machine learning) have been more…
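The teaser above names the technique but not the logic. The following is an added example, not code from the FalconFriday post or from FalconForce: a minimal parent-child check run over constructed Sysmon-style process-creation events (the `Image`/`ParentImage`/`ProcessId` field names follow Sysmon Event ID 1). The baseline of expected children, the office-to-interpreter rule and the sample events are all assumptions for illustration; a real baseline is built from your own telemetry and will need tuning.

```python
"""Parent-child process relationship hunt over Sysmon-style events.

Added example for illustration, not from the original post. The
allow-list, the office/interpreter rule and SAMPLE_EVENTS are constructed.
"""

# Sensitive Windows parents and the children they are normally allowed
# to spawn (assumed baseline). Anything else from these parents is odd.
EXPECTED_CHILDREN = {
    "lsass.exe": set(),  # lsass.exe should never spawn a child process
    "wininit.exe": {"services.exe", "lsass.exe", "lsm.exe", "fontdrvhost.exe"},
    "winlogon.exe": {"userinit.exe", "logonui.exe", "dwm.exe", "fontdrvhost.exe"},
}

# Document-handling applications that have no business launching
# command interpreters or script hosts (assumed lists).
OFFICE_LIKE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
INTERPRETERS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}


def image_name(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_parent_child(event):
    """Return a reason string if the parent-child pair is suspicious, else None."""
    parent = image_name(event["ParentImage"])
    child = image_name(event["Image"])
    if parent in EXPECTED_CHILDREN and child not in EXPECTED_CHILDREN[parent]:
        return f"{parent} spawned unexpected child {child}"
    if parent in OFFICE_LIKE and child in INTERPRETERS:
        return f"office application {parent} spawned interpreter {child}"
    return None


def hunt(events):
    """Run the check over a list of process-creation events.

    Returns a list of (ProcessId, reason) tuples for every hit.
    """
    findings = []
    for event in events:
        reason = suspicious_parent_child(event)
        if reason is not None:
            findings.append((event["ProcessId"], reason))
    return findings


# Constructed sample events: two benign system launches, one lsass.exe
# spawning cmd.exe, one Word document spawning PowerShell, and one pair
# the rules do not cover at all.
SAMPLE_EVENTS = [
    {"ProcessId": 1010, "Image": r"C:\Windows\System32\services.exe",
     "ParentImage": r"C:\Windows\System32\wininit.exe"},
    {"ProcessId": 4242, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\lsass.exe"},
    {"ProcessId": 5151, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"ProcessId": 6060, "Image": r"C:\Windows\System32\userinit.exe",
     "ParentImage": r"C:\Windows\System32\winlogon.exe"},
    {"ProcessId": 7070, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for pid, reason in hunt(SAMPLE_EVENTS):
        print(f"PID {pid}: {reason}")
```

Run against `SAMPLE_EVENTS` the hunt flags PID 4242 (lsass.exe spawning cmd.exe) and PID 5151 (WINWORD.EXE spawning powershell.exe) and stays quiet on the rest. The two rule families differ on purpose: the allow-list is strict because the listed parents have a small, stable set of legitimate children, while the office rule is a deny-list because office applications spawn many benign helpers and only the interpreter children are worth a look.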

We believe there isn’t enough content available to detect advanced adversary techniques. That’s why every two weeks on “FalconFriday”, we will release hunting queries to detect offensive techniques. Today: part three!

Today’s content:

  • Detecting suspicious code compilation.
  • Detecting the malicious use of Certutil.

We love to hear back from you on the…

Olaf Hartong

FalconForce | DFIR | Threat hunter | Data Dweller | Splunk | Sysmon | Microsoft MVP
