The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.


RSA® Conference, the world’s leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year’s event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations across crypto and blockchain.

Getting The Most Out Of Sysmon

Conference: RSA Conference 2022

Abstract

Post a comment

Related work

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities

The Hunt for Major League IoT-ICS Threats: A Deep Dive into IoT Threat Terrain

Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets

My Cloud is APT's Cloud: Investigating and Defending Office 365

Kyverno Introduction and Deep Dive - Charles

Return to Sender - Detecting Kernel Exploits with eBPF