Sysmon can improve your decision-making by offering a glimpse into what is happening on a host. From knowing which processes are communicating with remote C2 servers to tracking where files are being downloaded from, Sysmon provides host visibility that would be nearly impossible to gather without purpose-built tooling in place. Along with a little bit of Threat Hunting, this webinar intends to show how to make the most of the opportunities Sysmon can provide.
The "Sysmon for the Masses" webinar presentation by Dave Kennedy provides an excellent overview of Sysmon. This webinar will build on some of the principles discussed there.
In this webinar:
- Introduction to Sysmon
- Event Types
- Use Cases
- From initial download to post exploitation
- Demos (recording)
- Relevant event types to look for
- Following activity down the line
- Tips and Tricks