Endpoint Detection Super Powers on the Cheap with Sysmon

Explore advanced endpoint detection techniques using Sysmon in this 26-minute conference talk from Derbycon 2019. Gain insights into cost-effective methods for enhancing your cybersecurity capabilities as Olaf Hartong delves into topics such as attack support, data source references, and the evolution of Sysmon features. Learn about directory structures, name annotation, and data voyager tools to improve your investigative workflow. Discover how to overcome challenges in app structure, reporting, and filtering, while also understanding network connections. Conclude with a roadmap for future developments in endpoint detection and response.

Introduction
Todays topic
Why am I here
Disclaimer
Attack
Support
Data Source Reference
History of Statements
New Features
Directory Structure
Name Annotation
Data Voyager
Investigative Workflow
Challenges
App Structure
Reporting
Filtering
Network Connections
Roadmap