About This Online Training Course
Trainers: Carlos Perez
Skill Level: Basic
This course covers the fundamentals of Microsoft Sysinternals Sysmon, from basic use of the command line to deployment considerations and understanding how each event type works.
This course is designed for the defender who is just getting started with using the Sysinternals Sysmon tool for collecting information to aid in the hunt and detection of abuse of Windows environments.
This course qualifies for 14 hours of CPE credit hours.
Overview and Course Syllabus:
This two-day intensive training course will be held using videoconferencing software in an interactive group setting, with hands-on instruction as needed.
- What is Sysmon – We will cover what Sysinternals Sysmon is and how it works.
- The Sysmon Driver – This overview of the core of Sysmon will discuss how this component captures the information that is then stored in the Windows event log.
- Installation and Configuration – We will cover the basic installation of Sysmon and the command line parameters used. Additionally, we will take a look at some best practice recommendations and cover how to author XML configuration files.
- Event Types – We will look at the different event types generated by Sysmon and best practices for working with each one. The following event types will be covered:
  - Sysmon Events
  - Process Events
    - Process Creation
    - Process Termination
    - Process Access
  - File Events
    - File Create
    - File Create Time Change
    - File Stream Creation Hash
  - Named Pipes
  - Driver Loading
  - Registry Actions
  - Image Loading
  - Network Connections
  - Create Remote Thread
  - Raw Access Read
  - DNS Query
  - WMI Events
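The installation, configuration and event-type topics above come together in a short workflow: write an XML configuration, install (or update) Sysmon with it, then read the events it produces back out of the event log. The following PowerShell is an added example for this page, not course material or Sysinternals code. It assumes an elevated shell with Sysmon64.exe in the current directory, and the schema version, exclusion rules and output path are illustrative; check the schema your binary supports with `.\Sysmon64.exe -s` before reusing the configuration.

```powershell
# Added example (not course material): install Sysmon with a minimal XML
# configuration, then read the resulting events back from the event log.
# Assumes Sysmon64.exe (from the Sysinternals download) is in the current
# directory and the shell is elevated. Schema version, rule contents and the
# config path are illustrative assumptions.

$ConfigPath = Join-Path $PWD 'sysmon-config.xml'

# Minimal configuration: hash every process image with SHA256 and IMPHASH and
# record process creation, network connections and DNS queries for everything
# except a few noisy cases. onmatch="exclude" logs everything that does NOT
# match the rules; onmatch="include" would log only what matches.
$Config = @'
<Sysmon schemaversion="4.90">
  <HashAlgorithms>SHA256,IMPHASH</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="NetworkConnect" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <DestinationPort condition="is">443</DestinationPort>
      </NetworkConnect>
    </RuleGroup>
    <RuleGroup name="DnsQuery" groupRelation="or">
      <DnsQuery onmatch="exclude">
        <QueryName condition="end with">.microsoft.com</QueryName>
      </DnsQuery>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $ConfigPath -Value $Config -Encoding UTF8

# Install the driver and service with the configuration, or push a new
# configuration to an existing installation. -accepteula suppresses the
# licence prompt so the command works unattended. The service installed by
# Sysmon64.exe is named Sysmon64 by default.
$service = Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue
if ($null -eq $service) {
    .\Sysmon64.exe -accepteula -i $ConfigPath
} else {
    .\Sysmon64.exe -c $ConfigPath
}

# -c with no argument dumps the configuration the driver is actually using,
# which is the check to run after every change.
.\Sysmon64.exe -c

# Event IDs Sysmon writes to Microsoft-Windows-Sysmon/Operational, mapped to
# the event types listed in the syllabus.
$SysmonEventNames = @{
    1  = 'ProcessCreate';          2  = 'FileCreateTime';        3  = 'NetworkConnect'
    4  = 'Sysmon service state';   5  = 'ProcessTerminate';      6  = 'DriverLoad'
    7  = 'ImageLoad';              8  = 'CreateRemoteThread';    9  = 'RawAccessRead'
    10 = 'ProcessAccess';          11 = 'FileCreate';            12 = 'RegistryEvent (key)'
    13 = 'RegistryEvent (value)';  14 = 'RegistryEvent (rename)'; 15 = 'FileCreateStreamHash'
    16 = 'Sysmon config change';   17 = 'PipeEvent (created)';   18 = 'PipeEvent (connected)'
    19 = 'WmiEvent (filter)';      20 = 'WmiEvent (consumer)';   21 = 'WmiEvent (binding)'
    22 = 'DnsQuery';               255 = 'Error'
}

# Pull the most recent process-creation events (ID 1) and project the fields a
# hunter looks at first. Reading the XML form of each record keeps the field
# names identical to the Sysmon schema.
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath '*[System[EventID=1]]' -MaxEvents 10 |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            EventType   = $SysmonEventNames[[int]$_.Id]
            Image       = $d['Image']
            CommandLine = $d['CommandLine']
            ParentImage = $d['ParentImage']
            User        = $d['User']
            Hashes      = $d['Hashes']
        }
    } | Format-Table -AutoSize
```

Changing the XPath filter to another ID from the table (for example `EventID=22` for DNS queries or `EventID=10` for process access) reuses the same projection loop; only the field names in the final object need to change to the ones that event type carries.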
This class requires basic knowledge of the Windows operating system in an Active Directory environment and how to read Windows event logs.
Who Should Take This Course:
This class is designed for the defender who is just getting started with using the Sysinternals Sysmon tool for collecting additional information to aid in the hunt and detection of abuse of Windows environments.
- Internet connection
- Web browser to access student lab
- Web camera
- Headphones and microphone
- A lab environment with a Windows VM for students to use with their offensive and defensive PowerShell scripts
- Free scripts, tools, and custom code to help understand offense and defense using PowerShell
- All presentation slides and a course handout with all of the commands
$1,500 per student
*Contact us for a military discount and group pricing (3 or more students).