Posts Tagged ‘Sysinternals’

Sysmon is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. Sysmon does not provide analysis of the events it generates, nor does it attempt to protect or hide itself from attackers. It runs in the background all the time and writes events to the event log.

Chris Lazari is an IT and Management Professional with over 20 years of experience in the IT industry. The Internet is his work. Chris says that he had a Hyper-V server in his work, ordered in the data center for a particular project. He immediately choked something wrong, and loaded and run the Sysinternals Process Explorer to see if it’s possible to determine what causes the performance problem.

Dimitrios Margaritis is an IT security officer in the European Economic and Social Committee. He holds a degree in Computer Science from the University of Piraeus and a Diploma in Management from Henley Management College.

Government organizations are usually a complex object of opponents, and traditional methods of detection are not very effective. In this presentation, the authors tried to provide an overview of free tools and methods that were implemented in high-risk environments that are constantly being attacked. It will give detailed information about the use of Microsoft Sysmon and Powershell log data for detection – the ability to search from host-based [...]