Yesterday Microsoft released Sysmon v2.0, which was again put together by Mark Russinovich (@ and Thomas Garnier under the famous Sysinternals label. Here is a blog post about the first release of Sysmon from my blog. New in version two are: Include a session GUID in each event to allow correlation of events on the same…
Tag: Sysmon
Sysinternals Sysmon – a great way to see what's happening on your system
Two days ago Mark Russinovich released a new tool called Sysmon in his Sysinternals Suite (which is owned by Microsoft now). This tool can help you get an overview of things that often happen on your system while it is, or is getting, compromised, by creating events for specific things like the change a…