Frustration is my fuel
Basic detection methods, using native Windows logging and sysmon.
In our first malware hunting blog we looked at an incident where a user had downloaded a malicious application from a website. Here we are going to investigate a malicious document which was received via email. This is our second basic investigation , but we will continue to ramp things up over the coming months. …
Continue reading "Detecting a Cyber Attack Part 4 (Sysmon – Basic malware hunting 2)"
In our first two blogs of this series we installed and configured a basic Sysmon set up with a verbose custom view, now we are going to show how even this simple set up can help with threat hunting and incident response. This is a very basic investigation to start with, but we will continue …
Continue reading "Detecting a Cyber Attack Part 3 (Sysmon – Basic malware hunting)"
As covered in the previous blog, sysmon is very powerful for logging and alerting, however the logs are hidden deep in the folder structure of Event Viewer so ideally we want to be able to have quick access to these logs when threat hunting locally on an asset. (We will cover centralising logs later in …
Continue reading "Detecting a Cyber Attack Part 2 (Sysmon – Create a verbose custom view)"
Now we are finished with our "Creating a Cyber Attack" series where we showed how a cyber attack is put together, we are now going to move onto detection. Sysmon has been around for a while now, but recently is really gaining traction as a must have for organisations. Sysmon basically allows enhanced logging of …
Continue reading "Detecting a Cyber Attack Part 1 (Sysmon – endpoint install)"
@2codemonte 