WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts
GNU General Public License v3.0

Signatures for Sysmon Protection #127

Closed JakePeralta7 closed 1 year ago

JakePeralta7 commented 1 year ago

Two simple signatures that detect disabling the Sysmon service and setting its startup type to manual

alexkornitzer commented 1 year ago

Ah nice, I think this is our first Chainsaw rule PR 🎉 Anyways, LGTM, in it goes!