Many SIEM installations use sysinternals sysmon as one of many data sources. Mark Russinovich (Microsoft Azure CTO, co-creator of sysinternals) released a video explaining some of the new features of Sysmon 11, which was released on 28th April.
A new useful feature is archiving a file, just before it is deleted. Some attackers delete their tools after gathering information. In order to understand their tools or even search for MD5 or imphashes, the sysmon 11 archiving function can be helpful.
(Source: https://www.youtube.com/watch?v=_MUP4tgdM7s)
Surface 2 Pro Install Linux Ubuntu 24.04 LTS
Windows 10 support ended. Microsoft Surface 2 Pro devices can't officially be updated to Windows 11. This guide shows how to switch to L...
.png)
-
Mitres Att&ck framework writes about persistence TA0003 : " The adversary is trying to maintain their foothold. " There are m... -
You can either use the GUI of the FortiGate to list all certificates, or use the CLI. Either using the commands: Using the "get...
-
If you are running a Windows Server 2016, are using the integrated Windows Server Backup utility and you want to save the backup to a remote...
No comments:
Post a Comment