TryHackMe Sysmon Write-Up

We will be doing the Sysmon room this time. I don’t know too much about Sysmon except that it’s usually running in the background and helps log events for us, similar to Windows Event Manager. I believe it is a bit more comprehensive in its logging, which is why it’s useful to check these logs when using our SIEMs. Let’s get started! As always, I’ll document if I used external sources when doing these labs.

Task 3 Installing and Preparing Sysmon

I will be RDPing into the machine instead of downloading the files onto my host machine. I created an RDP guide recently since we RDP a lot. I thought it’d be nice to keep the RDP steps in one post instead of writing them out every time. It’s located here. Please check it out!
