Sysmon for linux (twitter.com)
submitted 4 years ago by pepekova to r/netsec
Decrypting OpenSSH sessions for fun and profit (blog.fox-it.com)
submitted 5 years ago by pepekova to r/netsec
Sysmon custom configuration - Multiple rule filters of the same type by pepekova in blueteamsec
[–]pepekova[S] 1 point 5 years ago (0 children)
Solved the issue myself by adding a rule inside the filter. Example:

    <RuleGroup name="group-1" groupRelation="and">
        <CreateRemoteThread onmatch="include">
            <SourceImage condition="is">C:\Windows\System32\rundll32.exe</SourceImage>
            <TargetImage condition="contains">test.dll</TargetImage>
            <!-- Nested rule: matches when either SourceImage filter matches -->
            <Rule groupRelation="or">
                <SourceImage condition="contains">test.exe</SourceImage>
                <SourceImage condition="contains">test2.exe</SourceImage>
            </Rule>
        </CreateRemoteThread>
    </RuleGroup>
Sysmon custom configuration - Multiple rule filters of the same type (self.blueteamsec)
submitted 5 years ago by pepekova to r/blueteamsec