You are browsing the archive for Sysmon.

Sysmon – ideas, and gotchas

February 14, 2019 in Sysmon

This post is about ensuring sysmon config works as it should. And also to introduce a few unusual ideas, and highlight a couple of gotchas that perhaps not everyone thinks […]

Can we stop detecting mimikatz please?

February 3, 2019 in Compromise Detection, Sysmon

Obviously, the title of this post is a joke. We should be detecting mimikatz as a priority. What I’d like to explore though is how to go a little bit […]