In this video, Carlos Perez, Research Team Lead, walks through installing Sysmon: what the installer changes on the system (service, minifilter driver and registry settings), and techniques for concealing Sysmon's presence from attackers.
Sysmon Community Guide: https://github.com/trustedsec/SysmonCommunityGuide
Chapters:
00:00:00 Intro
00:00:36 Files in the download
00:01:59 Executable parameters
00:04:45 Action taken by the installer
00:09:20 How does the Sysmon minifilter driver work
00:11:45 Sysmon registry settings
00:13:30 Additional install parameters
00:15:00 Hiding service and driver
00:20:41 Detecting Sysmon
00:22:16 Unloading the Sysmon driver
00:22:44 Uninstalling Sysmon
00:22:12 Installation best practices
00:22:38 Deploying configuration via GPO