Sysmon

Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01

FalconFriday — Direct system calls and Cobalt Strike BOFs — 0xFF14

Sysmon 13.10 FileDeleteDetected

The Sysinternals team has released Sysmon 13.10 and adds the…

Sysmon 13 — Process tampering detection

Symon 13 adds a new detective capability to your detection…

Sysmon 12.0 — EventID 24

Sysmon 12 is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring.

Introducing Falcon Friday

Every two weeks on “Falcon Friday”, we’ll release hunting queries to detect…

Using Azure Pipelines to validate my Sysmon configuration

Sysmon 11.1 Bug fixes, a schema update and a new field

Sysmon 11 — DNS improvements and FileDelete events