Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: SANS Internet Storm Center SANS Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

New Release of Sysmon Adding Detection for Process Tampering

Published: 2021-01-17
Last Updated: 2021-01-17 11:53:58 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Version 13.01 of Sysmon was released, a Windows Sysinternals tool to monitor and log system activity.

This version adds detection for process tampering, like process hollowing and process herpaderping. You use ProcessTampering in your configuration to activate it.

Here is an example of process hollowing detection:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

0 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Obfuscated DNS Queries
Jan 16th 2021
1 day ago by Guy (0 comments)

Throwback Friday: An Example of Rig Exploit Kit
Jan 15th 2021
3 days ago by Brad (0 comments)

Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
Jan 14th 2021
3 days ago by Bojan (0 comments)

Hancitor activity resumes after a hoilday break
Jan 13th 2021
5 days ago by Brad (0 comments)

Microsoft January 2021 Patch Tuesday
Jan 12th 2021
5 days ago by Renato (0 comments)

Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3)
Jan 11th 2021
6 days ago by Rob VandenBrink (0 comments)

View All Diaries →

Latest Discussions

PFSense
created Dec 23rd 2020
3 weeks ago by bas.auer@auerplace.nl (3 replies)

Port 23 & 2323 107.173.58.179
created Nov 15th 2020
2 months ago by Anonymous (0 replies)

Gmail hacked vis MS Outlook / request.zip virus/malware
created Oct 13th 2020
3 months ago by Anonymous (3 replies)

Why is the entire community so... I don't know the words...
created Sep 8th 2020
4 months ago by Everseeker (0 replies)

I can not find the Bluetooth channel!
created Aug 31st 2020
4 months ago by Martin (0 replies)

View All Forums →

Latest News

Top Diaries

An infection from Rig exploit kit
Jun 17th 2019
1 year ago by Brad (0 comments)

Old Worm But New Obfuscation Technique
Nov 13th 2020
2 months ago by Xme (0 comments)

Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
Dec 5th 2020
1 month ago by Guy (0 comments)

AV Cleaned Maldoc
Nov 2nd 2020
2 months ago by DidierStevens (0 comments)

Traffic Analysis Quiz: Ugly-Wolf.net
Oct 16th 2020
3 months ago by Brad (0 comments)