New Release of Sysmon Adding Detection for Process Tampering

Published: 2021-01-17. Last Updated: 2021-01-17 11:53:58 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Version 13.01 of Sysmon was released, a Windows Sysinternals tool to monitor and log system activity.

This version adds detection for process tampering, like process hollowing and process herpaderping. You use ProcessTampering in your configuration to activate it.

Here is an example of process hollowing detection:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: processtemparing sysmon
0 comment(s)

Comments

Login here to join the discussion.


Top of page
Diary Archives