SecurityNguyen
Posts Tags About Categories
SecurityNguyen

Contents

Learning Sysmon

CyberNguyen included in Fundamentals
   93 words   One minute 
Contents

Note: If you need to zoom in, you can click on the image.

Sysmon ID: 15

Used to monitor when an application or file is created within a File Stream. File stream is basically File inside a file. This Sysmon id is helpful if you wanna track down what a user or threat actor download.
Bonus: Whenever, a web browser download an application from the internet, a DLL file is run. This DLL file is called: urlmon.dll.
Urlmon.dll provides the necessary functions to interact with URLs, such as opening web pages, downloading files.

Updated on 0001-01-01
 Fundamentals
Back | Home