Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
SwiftOnSecurity@infosec.exchange wrote:
The full story of sysmon-config, the first (to my awareness) comprehensive open-source HIDS monitoring solution configuration, is something I would like to tell sometime.
It was in fact not generated for a security job, strictly. I needed to understand the sensitive modifications being made to our Windows systems as Helpdesk. And I did not want to filter Procmon again.
It turns out the modifications that screw things up... kind of include the malware and spyware ones. Especially back then.