Malware Devil

Sunday, January 17, 2021

New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th)

Version 13.01 of Sysmon, the Windows Sysinternals tool that monitors and logs system activity, has been released.

This version adds detection of process tampering techniques such as process hollowing and process herpaderping. You enable it with the ProcessTampering element in your configuration.

Here is an example of process hollowing detection:
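As an added illustration (not the diary's own configuration and not a file shipped by Sysinternals), a minimal Sysmon 13 configuration that turns on ProcessTampering for every process; the excluded image name is a placeholder, and the filter field names follow the Event ID 25 fields:

```xml
<Sysmon schemaversion="4.50">
  <!-- Constructed example: enables Sysmon Event ID 25 (ProcessTampering).
       A rule with onmatch="exclude" and no matching child logs every
       tampering event; the only child below is a placeholder exclusion. -->
  <EventFiltering>
    <RuleGroup name="ProcessTampering-Enable" groupRelation="or">
      <ProcessTampering onmatch="exclude">
        <!-- PLACEHOLDER: replace with an image you have triaged as a
             benign false positive, or delete this element to log everything.
             Event 25 also carries a Type field whose value distinguishes
             "Image is replaced" (hollowing) from
             "Image is locked for access" (herpaderping). -->
        <Image condition="end with">\EXAMPLE_BENIGN_TOOL.exe</Image>
      </ProcessTampering>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Apply it with `sysmon64 -c <file>` on a host where Sysmon is already installed; the resulting events appear as ID 25 in the Microsoft-Windows-Sysmon/Operational log.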

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
