Frustration is my fuel
Guides showing how to configure and secure your IT infrastructure.
Using various tools and techniques to our advantage.
As covered in the previous blog, sysmon is very powerful for logging and alerting, however the logs are hidden deep in the folder structure of Event Viewer so ideally we want to be able to have quick access to these logs when threat hunting locally on an asset. (We will cover centralising logs later in …
Continue reading "Detecting a Cyber Attack Part 2 (Sysmon – Create a verbose custom view)"
Now we are finished with our "Creating a Cyber Attack" series where we showed how a cyber attack is put together, we are now going to move onto detection. Sysmon has been around for a while now, but recently is really gaining traction as a must have for organisations. Sysmon basically allows enhanced logging of …
Continue reading "Detecting a Cyber Attack Part 1 (Sysmon – endpoint install)"
@2codemonte 