Sysmon

To access material, start machines and answer questions login.

, a tool used to monitor and log events on Windows, is commonly used by enterprises as part of their monitoring and logging solutions. Part of the Windows Sysinternals package, is similar to Windows Event Logs with further detail and granular control.

Microsoft Security logo

This room uses a modified version of the Blue and Ice boxes, as well as logs from the Hololive network lab.

Before completing this room we recommend completing the Windows Event Log room. It is also recommended to complete the Blue and Ice rooms to get an understanding of vulnerabilities present however is not required to continue.

Answer the questions below

Complete the prerequisites listed above and jump into task 2.

Ready to learn Cyber Security?

The Sysmon room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.

Already have an account? Log in

Sysmon

Task 1Introduction

Task 2Sysmon OverviewPremium

Task 3Installing and Preparing SysmonPremium

Task 4Cutting out the NoisePremium

Task 5Hunting MetasploitPremium

Task 6Detecting MimikatzPremium

Task 7Hunting MalwarePremium

Task 8Hunting PersistencePremium

Task 9Detecting Evasion TechniquesPremium

Task 10Practical InvestigationsPremium

Ready to learn Cyber Security?