In this video, Research Team Lead Carlos Perez discusses how Sysmon can detect an attacker trying to cover their tracks by modifying the timestamps of files created on the target system.
Sysmon Modular:
https://github.com/olafhartong/sysmon-modular
Sysmon Community Guide:
https://github.com/trustedsec/SysmonCommunityGuide
00:00:00 Intro
00:02:25 Creating a baseline config
00:03:07 Fields of the Events
00:04:18 Creating exclusions
00:07:24 Sysmon Modular examples
00:08:33 General recommendations
00:07:40 Recommendations
Learning Sysmon - File Create Time (Video 7) | NatokHD