Sysmon Endpoint Monitoring, Now w/ Clipboard Voyeurism - Corey Thuen - PSW #671

Paul's Security Weekly (Video) · Security Weekly Productions

October 23, 2020 · 49m 24s

Show Notes

Sysmon is a free endpoint monitoring tool published by Microsoft in their Sysinternals suite. It generates events for process creations, network connections, file creations, DNS, and now, with v12, clipboard monitoring. We'll discuss what's in the events and how to easily visualize and search them with Gravwell's new Sysmon Kit. This segment is sponsored by Gravwell.

Show Notes: https://wiki.securityweekly.com/psw671

Visit https://securityweekly.com/gravwell to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!