In this post I’ll explain what Sysmon is, how to install it and how to use it to detect important patterns.
SIEM 202 — Detecting remote PsExec
In this post I’ll explain how to detect an attacker that uses PsExec to connect to your computer when you don’t have visibility over the attacker’s computer.