Learning Sysmon Video Series
Research Team Lead Carlos Perez breaks down the inner workings of System Monitor (Sysmon) in a series of 22 educational videos. Watch them all now!
Video list:
What is Sysmon? (Video 1) - https://youtu.be/kESndPO5Fig
Installation (Video 2) - https://youtu.be/MlGc44dfFBg
Command Line Configuration (Video 3) - https://youtu.be/2JHjRR2Wt4g
Sysmon Configuration File (Video 4) - https://youtu.be/VKVSedPGDgY
Rule and Filter Order (Video 5) - https://youtu.be/KBsEAaZFcyI
Process Tracking (Video 6) - https://youtu.be/46-alN2_vlo
File Create Time (Video 7) - https://youtu.be/cN714yh7UF4
Network Connection (Video 8) - https://youtu.be/y4cpuliY4dk
Tracking When Drivers Are Loaded (Video 9) - https://youtu.be/Fs7x7PywdzU
Detecting abuse via Process Access (Video 10) - https://youtu.be/51YRHDl93f4
Tracking abuse of RawAccess Read (Video 11) - https://youtu.be/lgxzq1FQGEA
Detecting use of NamedPipes (Video 12) - https://youtu.be/WHK0WcH3Tug
Tracking use of CreateRemoteThread (Video 13) - https://youtu.be/kefTgrn9pUE
Prioritizing Coverage (Video 14) - https://youtu.be/5AQ19x08wHI
File Create Stream Hash Event (Video 15) - https://youtu.be/rrAGRdxf154
Tracking and Blocking File Creation (Video 16) - https://youtu.be/Jzx4bx7ZAAA
Tracking File Deletion and Blocking Shredding (Video 17) - https://youtu.be/60FlRU--5fs
Tracking Clipboard Change (Video 18) - https://youtu.be/2588xRlJG7s
Tracking DNS Queries (Video 19) - https://youtu.be/uwyiGFjPYa8
Tracking WMI Permanent Events (Video 20) - https://youtu.be/UITVJ_AozQo
Detecting Process Tampering (Video 21) - https://youtu.be/iAJMUNt8OcY
Tracking Registry Actions (Video 22) - https://youtu.be/hy5s1pnaO2I