51sec.org
Sysinternals Tool Sysmon Usage Tips and Tricks - Cyber Security Memo
The Microsoft Sysinternals tool Sysmon is a service and device driver that, once installed on a system, logs indicators that can greatly help track malicious activity, in addition to helping with general troubleshooting.

Sysinternals from Web Browser: https://live.sysinternals.com/

Basic Sysmon Usage commands:

Installation: sysmon -i -accepteula [options]
- Extracts binaries into %systemroot%
- Registers event log manifest
- Enables default configuration

Note: Once this command runs,…