This article on Microsoft's TechNet Blog is really interesting: Moti Bani explains how to investigate suspicious activity on servers using the Sysmon tool. What is Sysmon? Sysmon is a tool from Sysinternals that provides comprehensive monitoring of activity at the operating-system level. It consists of a Windows service …
Article Link: https://andreafortuna.org/malware-analysis/investigate-suspicious-windows-processes-using-sysinternals-sysmon/