To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Tech Clint Marsden DFIR Incident Response Forensic Cyber Windows Hacking Blue Teaming Red Team Auscert
Content provided by Clint Marsden. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Clint Marsden or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Similar to TLP - The Digital Forensics Podcast

Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

TLP - The Digital Forensics Podcast « »
Audiobook - Mastering Sysmon. Deploying, Configuring, and Tuning in 10 easy steps

44:12
 
Play
Playing
Share
 

MP3Episode home
Manage episode 468828442 series 3578563
Content provided by Clint Marsden. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Clint Marsden or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Send us a text

This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and incident response.

If you’re in security operations, digital forensics, or incident response, this episode will help you:

  • Deploy Sysmon efficiently.
  • Tune Sysmon logs for maximum insight while reducing noise.
  • Use Sysmon for investigations—from process creation tracking to network monitoring.
  • Understand real-world use cases of how Sysmon can catch adversaries in action.

Key Topics Covered:

  • Why Sysmon Matters – A deep dive into how Sysmon enhances Windows logging.
  • Common Mistakes & How to Avoid Them – Logging misconfigurations, tuning issues, and evidence handling best practices.
  • Step-by-Step Deployment Guide – From downloading Sysmon to configuring it for lean detections.
  • Tuning for Performance & Relevance – How to tweak Sysmon settings to avoid excessive log volume.
  • Investigating Security Events – Key Sysmon event IDs that provide forensic gold.
  • Real-World Use Cases – Examples of how Sysmon has caught attackers in action.
  • Sysmon Bypass Techniques – How adversaries evade detection and how to stay ahead.

Resources Mentioned:

  1. Sysmon DownloadMicrosoft Sysinternals
  2. Sysmon Configuration FilesOlaf Hartong’s Sysmon-Modular
  3. MITRE ATT&CK FrameworkMITRE ATT&CK
  4. ACSC Sysmon Config GuideACSC GitHub

Key Takeaways:

  • Sysmon provides deep system visibility – if tuned correctly.
  • Tuning is essential – Avoid log overload while keeping useful data.
  • Use a structured deployment process – From baselining performance to verifying logs.
  • Sysmon alone isn’t enough – It works best when combined with other detection tools.
  • Be aware of bypass techniques – Attackers can disable Sysmon, so defense in depth is key.

Join the AI Cyber Security Skool Group
Inside the group, you’ll learn how to defend against prompt injections, lock down API keys, and stop your automations from turning into costly incidents. It’s a space for cyber pros, engineers, and AI builders to share playbooks, tools, and real-world lessons on keeping AI secure.
https://www.skool.com/ai-automation-security-5754/about?ref=3e3ebf81027c4bceb6f7cbfdbabe22ea

  continue reading

25 episodes

#Tech #Clint Marsden #DFIR #Incident Response #Forensic #Cyber #Windows #Hacking #Blue Teaming #Red Team #Auscert
Artwork

Audiobook - Mastering Sysmon. Deploying, Configuring, and Tuning in 10 easy steps

TLP - The Digital Forensics Podcast

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 468828442 series 3578563
Content provided by Clint Marsden. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Clint Marsden or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Send us a text

This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and incident response.

If you’re in security operations, digital forensics, or incident response, this episode will help you:

  • Deploy Sysmon efficiently.
  • Tune Sysmon logs for maximum insight while reducing noise.
  • Use Sysmon for investigations—from process creation tracking to network monitoring.
  • Understand real-world use cases of how Sysmon can catch adversaries in action.

Key Topics Covered:

  • Why Sysmon Matters – A deep dive into how Sysmon enhances Windows logging.
  • Common Mistakes & How to Avoid Them – Logging misconfigurations, tuning issues, and evidence handling best practices.
  • Step-by-Step Deployment Guide – From downloading Sysmon to configuring it for lean detections.
  • Tuning for Performance & Relevance – How to tweak Sysmon settings to avoid excessive log volume.
  • Investigating Security Events – Key Sysmon event IDs that provide forensic gold.
  • Real-World Use Cases – Examples of how Sysmon has caught attackers in action.
  • Sysmon Bypass Techniques – How adversaries evade detection and how to stay ahead.

Resources Mentioned:

  1. Sysmon DownloadMicrosoft Sysinternals
  2. Sysmon Configuration FilesOlaf Hartong’s Sysmon-Modular
  3. MITRE ATT&CK FrameworkMITRE ATT&CK
  4. ACSC Sysmon Config GuideACSC GitHub

Key Takeaways:

  • Sysmon provides deep system visibility – if tuned correctly.
  • Tuning is essential – Avoid log overload while keeping useful data.
  • Use a structured deployment process – From baselining performance to verifying logs.
  • Sysmon alone isn’t enough – It works best when combined with other detection tools.
  • Be aware of bypass techniques – Attackers can disable Sysmon, so defense in depth is key.

Join the AI Cyber Security Skool Group
Inside the group, you’ll learn how to defend against prompt injections, lock down API keys, and stop your automations from turning into costly incidents. It’s a space for cyber pros, engineers, and AI builders to share playbooks, tools, and real-world lessons on keeping AI secure.
https://www.skool.com/ai-automation-security-5754/about?ref=3e3ebf81027c4bceb6f7cbfdbabe22ea

  continue reading

25 episodes

#Tech #Clint Marsden #DFIR #Incident Response #Forensic #Cyber #Windows #Hacking #Blue Teaming #Red Team #Auscert

所有剧集

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Similar to TLP - The Digital Forensics Podcast

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play
icon
Help/FAQ | Advertise with Us
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play