SANS ISC InfoSec Forums

New Release of Sysmon Adding Detection for Process Tampering

Version 13.01 of Sysmon, the Windows Sysinternals tool that monitors and logs system activity, has been released.

This version adds detection for process tampering techniques such as process hollowing and process herpaderping. To activate it, add a ProcessTampering rule to your Sysmon configuration.
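The following is an added example, not code from the diary or from Sysinternals: it writes a minimal Sysmon configuration that turns on ProcessTampering logging, loads it into an installed Sysmon, and then reads back the resulting Event ID 25 (ProcessTampering) records from the Sysmon operational log. The schema version 4.50 and the temporary file path are assumptions; check the schema your binary expects with `sysmon64.exe -s`.

```powershell
# Added example (not from the diary): enable ProcessTampering and query the events it produces.

# Minimal configuration. An empty "exclude" rule means nothing is filtered out,
# so every process tampering event is logged. schemaversion 4.50 is assumed for
# Sysmon 13; verify with "sysmon64.exe -s".
$config = @'
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessTampering onmatch="exclude">
      </ProcessTampering>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@

$configPath = Join-Path $env:TEMP 'sysmon-tampering.xml'   # assumed location
Set-Content -Path $configPath -Value $config -Encoding ASCII

# Update the configuration of an already installed Sysmon (needs an elevated shell).
# For a fresh install use: sysmon64.exe -accepteula -i $configPath
& sysmon64.exe -c $configPath

# Read the ProcessTampering events (Event ID 25) and show the fields a responder
# looks at first: the tampered process image and the kind of tampering detected.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 25
} -MaxEvents 20 -ErrorAction SilentlyContinue | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($item in $xml.Event.EventData.Data) { $data[$item.Name] = $item.'#text' }
    [pscustomobject]@{
        UtcTime   = $data['UtcTime']
        ProcessId = $data['ProcessId']
        Image     = $data['Image']
        Type      = $data['Type']
    }
} | Format-Table -AutoSize
```

The Type field states what Sysmon observed (for example that the process image was replaced), which is what distinguishes hollowing-style tampering from ordinary process creation; correlating the ProcessId with the Event ID 1 record for the same process tells you which parent started it.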

Here is an example of process hollowing detection:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
Jan 17th 2021
