sysmon-config
sysmon-config copied to clipboard
Outlook Webview URL changes
Matches registry events that changes the URL value for the WebView of Outlook which could enable persistence for hackers.
Ref: https://speakerdeck.com/heirhabarov/hunting-for-persistence-via-microsoft-exchange-server-or-outlook?slide=70