Hacks Weekly #7: Sysmon - how to set up, update and use?

27,933 views

CQURE Academy


7 years ago

In this tutorial, I will show you how to set up Sysmon correctly, as well as how to update it with a custom configuration. In addition, I'm super excited to show you tools that our team wrote to support system logging and to extract information about what is happening, for example, with your processes communicating with the network. Let’s dive into Sysmon.
The full tutorial and tools that were used here are available on our blog: cqu.re/7CQhacksweekly

Comments: 24
@shanifsalim
@shanifsalim 7 years ago
You are simply awesome. No words to say. I have never seen such a video.
@pjanuszkiewicz
@pjanuszkiewicz 7 years ago
Great to hear! :) Thank you!
@t3ala_nefham432
@t3ala_nefham432 2 years ago
Thanks so much.
@somedude4652
@somedude4652 4 years ago
Informative!!
@shahg390
@shahg390 4 years ago
Thank you very much Paula, it really helped me to understand Sysmon in depth. Is it possible to include how much data (in KB or MB) went out on the destination port, i.e. the size of the data? This is the thing lacking in the CQSysmonNetAnalyzer tool, which is really a great tool. Please reply, or guide me on how to get this as well.
@hemav6556
@hemav6556 2 years ago
Thank you so much for the video :) Please share data exfiltration detection techniques using Sysmon if possible.
@Lofote
@Lofote 7 years ago
So are you always sitting on the floor like this with your computer when you do your IT stuff? :-D Very cool video... you present it in a much more "live" way than the usual "we are sitting or standing straight at our desks like in the news shows" way :-D
@pjanuszkiewicz
@pjanuszkiewicz 7 years ago
Haha, thanks! I like to sit on the floor ;)
@fadinoufal1991
@fadinoufal1991 7 years ago
I'm currently trying to inform myself more about Microsoft security tooling etc. Eventually I want to specialise in pentesting; what documentation and certifications do you recommend? Right now I'm doing 70-744, which is pretty new.
@cruor007
@cruor007 4 years ago
Thank you very much for this useful video. However, I have an issue: when I load the configuration file XML, the Sysmon service crashes, so I need to launch it manually. Do you have any idea what is happening? For information, I'm using Windows 7.
@jackhammer7828
@jackhammer7828 5 years ago
We've got a beautiful instructor and an excellent teacher. Good stuff you teach, my friend, good stuff.
@sriramgiri3807
@sriramgiri3807 7 years ago
I can't seem to update the config for Sysmon. Need help.
@robivy3454
@robivy3454 6 years ago
Good stuff, but not clear... how does config.xml work? I typed the file and saved it to the same folder as Sysmon, but it doesn't seem to work.
@boooliyooo
@boooliyooo 7 years ago
How can I get the CQConfig?
@ianhj4550
@ianhj4550 7 years ago
All volumes turned to full on my laptop and the video is still too quiet; some dialogue is hard to hear.
@marcus.edmondson
@marcus.edmondson 4 years ago
The schema version it exported was incorrect.
@CQUREAcademy
@CQUREAcademy 4 years ago
Can you please provide the Sysmon version you are using? Its schema changes often, therefore we need to update our tool equally often so that it matches the Sysmon version; this problem most probably comes from the incompatibility. Let us know! :)
@marcus.edmondson
@marcus.edmondson 4 years ago
@CQUREAcademy in your video it looks like you use schema version 3.1, and when you exported it using your tool it said 2.1.
@austinmurphy9074
@austinmurphy9074 3 years ago
CQuire Tools found Skeeya! trojan in your tools and flagged it?
@CQUREAcademy
@CQUREAcademy 3 years ago
Although our tools are dedicated to the good guys, security professionals, they are often flagged as malicious, as underneath they need to use various unexpected APIs and offensive tricks. You can whitelist a specific directory in your anti-virus settings and run the tools from that directory. If you don't have control over it, you may also consider running a virtual machine with a Windows system and simply disabling AV there.
@faizankhd
@faizankhd 3 years ago
config.xml: I am getting an error.
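Several comments above ask how config.xml is picked up, why updating it fails, or report a schema-version mismatch. The following is an added PowerShell example, not from the video or from CQURE's tools: it writes a minimal Sysmon configuration, compares its declared schemaversion with what the installed binary reports, applies it with Sysmon's own -i/-c switches, and reads back the resulting network-connection events. The schemaversion value (3.1, as mentioned in the thread), the Sysmon64.exe path and the service name Sysmon64 are assumptions to adjust to your installation.

```powershell
# Added example: minimal Sysmon config, schema check, install/update, verify.
# Assumptions: Sysmon64.exe is in the current directory; the service it
# installs is named Sysmon64; schemaversion 3.1 matches this Sysmon build.
$sysmon = ".\Sysmon64.exe"
$config = Join-Path (Get-Location) "config.xml"

# Sysmon never auto-loads a file placed next to the binary; it must be
# passed with -i (install) or -c (update). This config logs every process
# creation and every network connection except loopback.
@'
<Sysmon schemaversion="3.1">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <ProcessCreate onmatch="exclude"></ProcessCreate>
    <NetworkConnect onmatch="exclude">
      <DestinationIp condition="is">127.0.0.1</DestinationIp>
    </NetworkConnect>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $config -Encoding ASCII

# "-s" prints the schema the installed binary understands; a config written
# for another schema version is the usual cause of a config.xml error.
$schemaDump = (& $sysmon -s | Out-String)
$installed  = [regex]::Match($schemaDump, 'schemaversion="([^"]+)"').Groups[1].Value
$declared   = ([xml](Get-Content -Path $config -Raw)).Sysmon.schemaversion
if ($installed -ne $declared) {
    Write-Warning "config.xml declares schema $declared but Sysmon reports $installed; fix the file first."
    return
}

# First run installs the driver and service; later runs only swap the config.
if ($null -eq (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue)) {
    & $sysmon -accepteula -i $config
} else {
    & $sysmon -c $config
}

# Verify: "-c" with no file prints the active configuration, and event ID 3
# in the Sysmon operational log shows the network connections now captured.
& $sysmon -c
Get-WinEvent -LogName "Microsoft-Windows-Sysmon/Operational" -MaxEvents 50 |
    Where-Object { $_.Id -eq 3 } |
    Select-Object TimeCreated, Message
```

Run from an elevated PowerShell session, since installing the Sysmon driver and reading its operational log require administrator rights.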
@jeliazkozlatev3940
@jeliazkozlatev3940 2 years ago
Cool video, but is it possible to speak a little bit louder? My volume on YouTube and on my laptop are at full and I still have problems hearing what you are saying :)
@pokusnevidea
@pokusnevidea 7 years ago
Good video, but I was wondering, why are you almost whispering? I mean, not only in this video, but in almost all of your videos. Don't worry, the mic does not bite :) Maybe you could boost the volume next time you edit videos? Peace ;)