11x256's Infosec blog
    abdo
    Cybercrime researcher.

    Threat Hunting with sysmon 101


    Introduction

    I will begin a new series of blog posts where I engage in threat hunting using sysmon logs. Throughout the process, I will utilize free tools and Python to conduct the hunts. The objective is to document and share my previous knowledge and insights.

    Stay tuned.

    Tags: ELK, hunting, logs, sysmon, Threat, Threat-hunting, windows

    Categories: Threat_hunting

    Updated: July 17, 2023
