Posts tagged: sysmon
3 posts
November 21, 2025
HTB Sherlock - Unit 42: Sysmon Log Analysis & UltraVNC Intrusion Detection
DFIR analysis of Sysmon logs to detect and investigate an UltraVNC-based intrusion campaign, focusing on file creation events, process execution, and network indicators.
November 19, 2025
Windows 11 Native Sysmon: Built-In Telemetry Without the Deployment Pain
Microsoft is integrating Sysmon directly into Windows 11 and Windows Server 2025, eliminating manual deployments and giving defenders richer telemetry, simpler reporting, and faster threat visibility.
January 22, 2025
System Monitor (Sysmon)
System Monitor (Sysmon) is a Windows system service and device driver that monitors and logs system activity to the Windows event log, providing detailed information about process creation, network connections, and file changes.
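The three activity types named in that description (process creation, network connections, file changes) map to Sysmon Event IDs 1, 3 and 11. As an added example, not taken from any of the posts above, the PowerShell below reads those events from Sysmon's operational channel and prints one summary line per event, indexing the EventData fields by name rather than by position. It assumes Sysmon is installed with a configuration that records those three event types and that the script runs with rights to read the channel; the channel name and field names are Sysmon's standard ones, and the function name is an illustrative choice.

```powershell
# Added example: summarise Sysmon process, network and file-create events.
# Assumes Sysmon is installed and its config logs Event IDs 1, 3 and 11.
function Get-SysmonSummary {
    param(
        [int]$MaxEvents = 500,
        [string]$LogName = 'Microsoft-Windows-Sysmon/Operational'  # Sysmon's standard channel
    )

    # Fail early with a clear message if the channel does not exist (Sysmon not installed).
    if (-not (Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue)) {
        throw "Event channel '$LogName' not found; is Sysmon installed?"
    }

    # Filter server-side on the three IDs that correspond to the activity types
    # described above: 1 = process create, 3 = network connect, 11 = file create.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1, 3, 11 } `
                           -MaxEvents $MaxEvents -ErrorAction Stop

    foreach ($e in $events) {
        # The Properties array is positional and depends on the Sysmon schema version,
        # so parse the event XML and build a name -> value map instead.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        switch ($e.Id) {
            1  { "[$($e.TimeCreated)] PROCESS  $($data.Image)  parent: $($data.ParentImage)  cmd: $($data.CommandLine)" }
            3  { "[$($e.TimeCreated)] NETWORK  $($data.Image) -> $($data.DestinationIp):$($data.DestinationPort) ($($data.Protocol))" }
            11 { "[$($e.TimeCreated)] FILE     $($data.Image) created $($data.TargetFilename)" }
        }
    }
}

# Usage: run from an elevated PowerShell session on a host with Sysmon installed.
Get-SysmonSummary -MaxEvents 200
```

For a longer window, drop `-MaxEvents` or add `StartTime`/`EndTime` keys to the filter hashtable; keeping the filter in the hashtable lets the event log service do the selection instead of pulling every record into PowerShell and filtering there.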