Version 13.01 of Sysmon, a Windows Sysinternals tool that monitors and logs system activity, was released. This version adds detection for process tampering, such as process hollowing and process herpaderping. To activate it, add a ProcessTampering rule to your configuration. Here is an example of process hollowing detection:

Didier Stevens, ISC Handler, Jan 17th 2021
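A configuration that activates the ProcessTampering rule described above, as an added example that is not part of the original diary entry. The schema version and the excluded image path are assumptions; check the schema version your binary expects with `sysmon -s`.

```xml
<!-- Added example, not from the original diary entry. -->
<!-- schemaversion 4.50 is an assumption: confirm with "sysmon -s". -->
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="ProcessTampering" groupRelation="or">
      <!-- onmatch="exclude" logs every tampering event except the
           ones matched below. An empty exclude block logs all. -->
      <ProcessTampering onmatch="exclude">
        <!-- Hypothetical exclusion for a known-noisy application.
             The path is a constructed placeholder: replace it with
             images you have verified in your own environment. -->
        <Image condition="is">C:\Program Files\ExampleVendor\example.exe</Image>
      </ProcessTampering>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Load it with `sysmon.exe -c <config file>`; tampering detections are then written as Event ID 25 to the Microsoft-Windows-Sysmon/Operational log.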