Extending Your Incident Response Capabilities with Sysmon presented at SECTOR 2018

by Peter Morin

URL: https://sector.ca/sessions/extending-your-incident-response-capabilities-with-sysmon/

Summary: This presentation will introduce attendees to the free Sysinternals tool, Sysmon. Are you an incident responder? SOC analyst? Does your job require you to work with Windows event logs? Do you need to reconstruct attacker timelines?

- We will look at the Sysmon tool and compare its outputs to standard EVT logs
- Look at how Sysmon can be used to understand the effects of malware infections – the infection point, whether or not it has spread, and the effects on the infected system
- Sysmon command line usage, understanding its events and configuration options, including the use of configuration files
- We will look at a number of use cases where Sysmon can improve your detection and IR capabilities
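The abstract promises timeline reconstruction and infection-point analysis from Sysmon events. As an added illustration that is not part of the talk or of Sysmon itself, the script below takes Sysmon records in the Windows Event Log XML shape (EventID in the System block, named Data fields under EventData), orders them by Sysmon's UtcTime field, walks ProcessGuid/ParentProcessGuid links to recover each event's process ancestry, and flags the classic "Office application spawns a script host" pattern. The five records, their GUID labels, paths and the 203.0.113.10 address are constructed sample data, and the detection lists (OFFICE, SCRIPT_HOSTS) are the author's assumptions, not Sysmon configuration.

```python
"""Reconstruct a process-centric timeline from Sysmon events (added example, not from the talk).

Input shape: the XML that Get-WinEvent -LogName Microsoft-Windows-Sysmon/Operational
returns via .ToXml(), wrapped in one <Events> root. The records below are constructed.
"""
import xml.etree.ElementTree as ET

# Windows Event Log XML namespace carried by every exported <Event> element
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sysmon event IDs used in this example (names follow the Sysmon documentation)
EVENT_NAMES = {1: "ProcessCreate", 3: "NetworkConnect", 11: "FileCreate"}

# Detection lists: assumptions for this example, tune them to your environment
OFFICE = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample: explorer starts Word, Word starts PowerShell, which drops a file and calls out.
SAMPLE_XML = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2018-10-02 14:00:01.000</Data>
  <Data Name="ProcessGuid">{GUID-EXPLORER}</Data>
  <Data Name="Image">C:\Windows\explorer.exe</Data>
  <Data Name="ParentProcessGuid">{GUID-USERINIT}</Data>
 </EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2018-10-02 14:05:10.000</Data>
  <Data Name="ProcessGuid">{GUID-WINWORD}</Data>
  <Data Name="Image">C:\Program Files\Microsoft Office\WINWORD.EXE</Data>
  <Data Name="ParentProcessGuid">{GUID-EXPLORER}</Data>
 </EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2018-10-02 14:05:42.000</Data>
  <Data Name="ProcessGuid">{GUID-PS}</Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
  <Data Name="ParentProcessGuid">{GUID-WINWORD}</Data>
 </EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>11</EventID></System>
 <EventData>
  <Data Name="UtcTime">2018-10-02 14:05:44.000</Data>
  <Data Name="ProcessGuid">{GUID-PS}</Data>
  <Data Name="TargetFilename">C:\Users\alice\AppData\Local\Temp\update.exe</Data>
 </EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID></System>
 <EventData>
  <Data Name="UtcTime">2018-10-02 14:05:45.000</Data>
  <Data Name="ProcessGuid">{GUID-PS}</Data>
  <Data Name="DestinationIp">203.0.113.10</Data>
  <Data Name="DestinationPort">443</Data>
 </EventData></Event>
</Events>"""


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def parse_sysmon_xml(xml_text):
    """Flatten exported <Event> records into dicts keyed by EventData field name, oldest first."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.findall("e:Event", NS):
        event_id = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        record = {"EventID": event_id, "Name": EVENT_NAMES.get(event_id, f"EventID{event_id}")}
        for d in ev.findall("e:EventData/e:Data", NS):
            record[d.get("Name")] = (d.text or "").strip()
        events.append(record)
    # Sysmon's UtcTime is zero-padded "YYYY-MM-DD HH:MM:SS.mmm", so string order is time order
    return sorted(events, key=lambda r: r["UtcTime"])


def process_chain(events, guid):
    """Follow ParentProcessGuid links back to the earliest ancestor Sysmon recorded."""
    creates = {r["ProcessGuid"]: r for r in events if r["EventID"] == 1}
    chain = []
    while guid in creates:
        chain.append(basename(creates[guid]["Image"]))
        guid = creates[guid].get("ParentProcessGuid", "")
    return chain[::-1]


def timeline(events):
    """One line per event, annotated with the ancestry of the process that produced it."""
    lines = []
    for r in events:
        chain = " > ".join(process_chain(events, r["ProcessGuid"]))
        detail = r.get("TargetFilename", "")
        if r["EventID"] == 3:
            detail = f'{r["DestinationIp"]}:{r["DestinationPort"]}'
        lines.append(f'{r["UtcTime"]} {r["Name"]:<14} {chain} {detail}'.rstrip())
    return lines


def office_spawning_script_host(events):
    """Detection use case: an Office process launching a script host (macro-style delivery)."""
    creates = {r["ProcessGuid"]: r for r in events if r["EventID"] == 1}
    hits = []
    for r in creates.values():
        parent = creates.get(r.get("ParentProcessGuid"))
        if parent and basename(parent["Image"]).upper() in OFFICE \
                and basename(r["Image"]).lower() in SCRIPT_HOSTS:
            hits.append((r["UtcTime"], basename(parent["Image"]), basename(r["Image"])))
    return hits


def analyze(xml_text=SAMPLE_XML):
    """Run the full pipeline and return the pieces an analyst would look at."""
    events = parse_sysmon_xml(xml_text)
    return {"events": events, "timeline": timeline(events),
            "office_to_script_host": office_spawning_script_host(events)}


if __name__ == "__main__":
    result = analyze()
    print("\n".join(result["timeline"]))
    print("Office -> script host:", result["office_to_script_host"])
```

To run this against a live host, export the Sysmon log with PowerShell's `Get-WinEvent -LogName "Microsoft-Windows-Sysmon/Operational"` and each record's `.ToXml()`, then wrap the records in a single root element as the sample does. The ancestry walk is only as complete as the log: processes created before Sysmon was installed, or after the log rolled over, have no ProcessCreate record and the chain stops there, which is itself worth noting when you report the infection point.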