GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

    SwiftOnSecurity (swiftonsecurity@infosec.exchange)'s status on Saturday, 28-Mar-2026 07:07:56 JST

    Fun fact I made a typo in sysmon-config many years ago, when I was working in Helpdesk.

    I got my shot and was hired to the big firm with the big fancy expensive tools I would've never dreamed of.

    Do you know what I find in that tool, auditing it?

    My typo. They pasted it in. They just... copied the whole thing.

    I sit at my desk. And I realize I was always enough.

      SwiftOnSecurity (swiftonsecurity@infosec.exchange)'s status on Saturday, 28-Mar-2026 07:07:56 JST
      in reply to

      The full story of sysmon-config, the first (to my awareness) comprehensive open source HIDS monitoring solution configuration, is something I would like to tell sometime.

      It was in fact not generated for a security job, strictly. I needed to understand the sensitive modifications being made to our Windows systems as Helpdesk. And I did not want to filter Procmon again.

      It turns out the modifications that screw things up... kind of include the malware and spyware ones. Especially back then.

      Briala (static@aus.social)'s status on Saturday, 28-Mar-2026 07:08:50 JST
      in reply to

      @SwiftOnSecurity Pity the tech who misspelt "referrer" in the HTTP standard.

      John de Largentaye (jlargentaye@mas.to)'s status on Saturday, 28-Mar-2026 07:08:55 JST
      in reply to

      @SwiftOnSecurity reminds me of the time when Brendan Gregg, who was not working at Sun at the time, got a spiel from a salesperson about new profiling tools.

      It was his own dtrace scripts they were demoing to him.

      https://www.brendangregg.com/blog/2021-06-04/an-unbelievable-demo.html

      SwiftOnSecurity (swiftonsecurity@infosec.exchange)'s status on Saturday, 28-Mar-2026 07:10:17 JST
      in reply to

      It was named sysmon-config because what else would it be called? It was basically the only one. It was not a claim.

      I really wish I had someone to tell the story to. About how I had forensic computer breach discussions with General Counsel as a Helpdesk employee. Thanks to Sysmon.

      And my XML file.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.