drop sysmon evtx csv · detect process doppelganging and herpaderping artifacts · identify transacted ntfs file writes followed by execution · surface advanced in-memory evasion techniques · runs locally
sysmon event IDs 1/11/25/23 · security event ID 4688 — EvtxECmd CSV export