Sysmon v6.10 has been released on the 11th of September and introduces new features such as WMI events reporting. At the first sight, these new capabilites seem very interesting for SOC and Incident Response purposes. Therefore in this article, we are going to explore the new events generated by this latest version of Sysmon. We will also discuss in which extent we can use these events to detect real life WMI abuses. more ...

Sysmon is a great system monitoring tool provided by Microsoft which can be used for both threat hunting and incident response. This tool is running as a Windows Service and is operating in Kernel Land via a driver. This blog article will be used to maintain a table describing the different Sysmon events available across the different Sysmon versions. more ...