Been consolidating resources for utilizing Sysmon and thought I'd share:
- https://github.com/MHaggis/sysmon-dfir
- http://blog.jpcert.or.jp/2017/06/1-ae0d.html
- https://www.vector8.io/blog/sysmon
- https://www.rsaconference.com/writable/presentations/file_upload/hta-t09-how-to-go-from-responding-to-hunting-with-sysinternals-sysmon.pdf
- https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html
- https://www.youtube.com/watch?v=vv_VXntQTpE
Any you like?