You are browsing the archive for Sysmon.

Event ID 7039 – out…pid a pid

February 26, 2021 in Compromise Detection, Sysmon, threat hunting

This event is not very well explained on the internet, so I took the liberty of describing it below. The event message is as follows: A service process other than […]

Code Execution via surgical callback overwrites (e.g. DNS memory functions)

June 12, 2019 in Code Injection, Sysmon

Today I looked at Sysmon v10 and its support for logging DNS queries. It’s a pretty cool feature that intercepts all the DNS requests on a monitored host, and if […]