explainx.ainewsletter3.5k
ai newstrendingpathwaysworkshopsskills
pricing
workshops ↗
explainx.ai

Upskill in AI — 16 free pathways, live workshops & bootcamps, and 50+ courses from practitioners. Plus the skills, tools, and MCP servers to practice on.

follow us

custom AI agents

[email protected]

get started

Join · $29/mo

learn

pathways — start freeworkshopsbootcampscoursescertificationsmock testsexplainx universitycorporate traininglearn skills & mcp

discover

skillsmcp serverstoolsagentsllmsdesignsagi trackerranks

company

aboutvisionmissionteaminstructorscommunityhackathonscareers

content

daily AI newsblogreleasespromptsgeneratorsresource librarydemofor LLMs

solutions

all solutionsdeveloper upskillingmarketing upskillingproduct manager upskillingleadership upskilling

Sister Products

Infloq

Infloq

Influencer marketing

BgBlur

BgBlur

Privacy-first blur

Olly Social

Olly Social

Social AI copilot

Ceptory

Ceptory

Video intelligence

BgRemover

BgRemover

Background removal

newsletter · weekly

Get AI news, tools, and insights in your inbox.

contactsupportprivacytermsdata rightssubmission guidelines

© 2026 AISOLO Technologies Pvt Ltd

home/skills/tag/sysmon
skill tag

sysmon▌

9 indexed skills · max 10 per page

skills (9)

hunting-for-lateral-movement-via-wmi

mukul975/Anthropic-Cybersecurity-Skills · hunting-for-lateral-movement-via-wmi

0

Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.

detecting-wmi-persistence

mukul975/Anthropic-Cybersecurity-Skills · detecting-wmi-persistence

0

Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter, EventConsumer, and FilterToConsumerBinding creation.

detecting-living-off-the-land-with-lolbas

mukul975/Anthropic-Cybersecurity-Skills · detecting-living-off-the-land-with-lolbas

0

Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32 via process telemetry, Sigma rules, and parent-child process analysis

detecting-credential-dumping-techniques

mukul975/Anthropic-Cybersecurity-Skills · detecting-credential-dumping-techniques

0

Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules

detecting-malicious-scheduled-tasks-with-sysmon

mukul975/Anthropic-Cybersecurity-Skills · detecting-malicious-scheduled-tasks-with-sysmon

0

Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe), 11 (File Create for task XML), and Windows Security Event 4698/4702. The analyst correlates task creation with suspicious parent processes, public directory paths, and encoded command arguments to identify persistence and lateral movement via scheduled tasks. Activates for requests involving scheduled task detection, Sysmon persistence hunting, or T1053.005 Scheduled Task/Job analysis.

analyzing-windows-event-logs-in-splunk

mukul975/Anthropic-Cybersecurity-Skills · analyzing-windows-event-logs-in-splunk

0

Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege escalation, persistence mechanisms, and lateral movement using SPL queries mapped to MITRE ATT&CK techniques. Use when SOC analysts need to investigate Windows-based threats, build detection queries, or perform forensic timeline analysis of Windows endpoints and domain controllers.

hunting-for-process-injection-techniques

mukul975/Anthropic-Cybersecurity-Skills · hunting-for-process-injection-techniques

0

Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry

hunting-for-registry-run-key-persistence

mukul975/Anthropic-Cybersecurity-Skills · hunting-for-registry-run-key-persistence

0

Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.

detecting-t1055-process-injection-with-sysmon

mukul975/Anthropic-Cybersecurity-Skills · detecting-t1055-process-injection-with-sysmon

0

Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection by analyzing Sysmon events for cross-process memory operations, remote thread creation, and anomalous DLL loading patterns.