this post was submitted on 22 Nov 2025
3 points (100.0% liked)

blueteamsec


For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
faebudo@infosec.pub 2 points 1 day ago

So they're going to deliver sysmon.exe as a Windows optional feature. There's nothing native to it. No config management via GPO or CSP or similar. Nothing. Just replacing the scheduled task/PowerShell script that downloads the exe and config with one that enables the feature and downloads the config.
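The deployment the comment describes, as an added example (not the commenter's code, and not anything Microsoft ships): a PowerShell script a scheduled task would run that enables the optional feature, fetches the config, and applies it with sysmon's `-c` (or `-i` on first run). Because the post names no native config channel, the download is the trust boundary, so the script pins the fetched config to a known SHA-256 and refuses to apply anything else. Assumed, and marked as such in the code: the optional feature name `Sysmon`, the install location of the Sysmon binary, the config URL, and the placeholder hash value.

```powershell
#Requires -RunAsAdministrator
# Added example, not the commenter's code. Lines marked ASSUMED are guesses
# to be replaced with values from your own environment.
[CmdletBinding()]
param(
    # ASSUMED feature name; confirm with:
    #   Get-WindowsOptionalFeature -Online | Where-Object FeatureName -like '*sysmon*'
    [string]$FeatureName    = 'Sysmon',
    # Hypothetical internal config server; replace with your own.
    [string]$ConfigUrl      = 'https://config.example.internal/sysmon/sysmon.xml',
    # Placeholder pinned SHA-256 of the approved config; set it from your release process.
    [string]$ExpectedSha256 = '0000000000000000000000000000000000000000000000000000000000000000',
    [string]$ConfigPath     = "$env:ProgramData\Sysmon\sysmon.xml"
)

$ErrorActionPreference = 'Stop'

function Enable-SysmonFeature {
    param([string]$Name)
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $Name
    if ($feature.State -eq 'Enabled') {
        Write-Verbose "Feature '$Name' is already enabled"
        return
    }
    # -NoRestart: never force a reboot from a scheduled task.
    Enable-WindowsOptionalFeature -Online -FeatureName $Name -NoRestart | Out-Null
}

function Find-SysmonBinary {
    # ASSUMED install location for the feature-delivered binary; falls back to PATH lookup.
    foreach ($name in 'sysmon64.exe', 'sysmon.exe') {
        $candidate = Join-Path $env:SystemRoot "System32\$name"
        if (Test-Path $candidate) { return $candidate }
        $cmd = Get-Command $name -ErrorAction SilentlyContinue
        if ($cmd) { return $cmd.Source }
    }
    throw 'Sysmon binary not found after enabling the feature'
}

function Get-PinnedConfig {
    param([string]$Url, [string]$Sha256, [string]$Destination)
    $tmp = Join-Path $env:TEMP ("sysmon-{0}.xml" -f [guid]::NewGuid())
    try {
        Invoke-WebRequest -Uri $Url -OutFile $tmp -UseBasicParsing
        $actual = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
        # The fetch is the only trust boundary (no GPO/CSP path), so refuse anything
        # that does not match the pinned hash. -ne is case-insensitive in PowerShell.
        if ($actual -ne $Sha256) {
            throw "Config hash mismatch: expected $Sha256, got $actual"
        }
        # Cheap well-formedness check before handing the file to sysmon.
        [xml](Get-Content -Path $tmp -Raw) | Out-Null
        New-Item -ItemType Directory -Path (Split-Path $Destination) -Force | Out-Null
        Move-Item -Path $tmp -Destination $Destination -Force
    }
    finally {
        if (Test-Path $tmp) { Remove-Item $tmp -Force }
    }
}

function Update-SysmonConfig {
    param([string]$Binary, [string]$Config)
    # Sysmon registers its service as Sysmon64 or Sysmon depending on the build.
    $installed = Get-Service -Name 'Sysmon64', 'Sysmon' -ErrorAction SilentlyContinue
    if ($installed) {
        # Service already present: reload the configuration in place.
        & $Binary -c $Config
    } else {
        # First run on this host: install the driver and service with the config.
        & $Binary -accepteula -i $Config
    }
    if ($LASTEXITCODE -ne 0) { throw "sysmon exited with code $LASTEXITCODE" }
}

Enable-SysmonFeature -Name $FeatureName
$bin = Find-SysmonBinary
Get-PinnedConfig -Url $ConfigUrl -Sha256 $ExpectedSha256 -Destination $ConfigPath
Update-SysmonConfig -Binary $bin -Config $ConfigPath
```

Run it from the scheduled task as SYSTEM with the real feature name, URL and hash filled in. Rotating the config means publishing a new file and updating the pinned hash together, which is the manual bookkeeping a GPO or CSP channel would otherwise carry for you.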