Threat Hunting with sysmon 101

less than 1 minute read

Introduction

I will begin a new series of blog posts where I engage in threat hunting using sysmon logs. Throughout the process, I will utilize free tools and Python to conduct the hunts. The objective is to document and share my previous knowledge and insights.

Stay tuned.

Share on

X Facebook LinkedIn Bluesky

When Bots Get Sneaky: How ProxySentry.io Helps You Fight Back Against Residential Proxy Attacks

3 minute read

You know that sinking feeling when you check your analytics and something’s… off? Maybe it’s a spike in failed login attempts at 3 AM. Or perhaps your fraud ...

Threat Hunting with sysmon 101 part 4: Loading events in pandas dataframe

4 minute read

Loading sysmon events in pandas dataframe In the past article, we used powershell scripting to filter the events and perform basic querying, in this article ...

Threat Hunting with sysmon 101 part 3: Command line investigation

5 minute read

Threat Hunting with sysmon: Command line investigation In this article, we’ll look at Mitre technique T1059.001 Command and Scripting Interpreter: PowerShell...

Threat Hunting with sysmon 101 part 2: Process creation event