sysmon-modular

ImageLoad detections from hijacklibs.net

Open nterl0k opened this issue 1 year ago • 0 comments

Data sourced from https://hijacklibs.net / https://github.com/wietze/HijackLibs/tree/main.

This include file was written mostly programmatically for each DLL in this project and its known/expected load locations. It is rather long, so any improvement suggestions are welcome.

I included some minor noise excludes when tested in a modestly sized production environment.

I'm willing to share the simple PowerShell code used to develop these files if desired.

nterl0k, Jan 29 '24 17:01
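The following is an added example, not code from this issue or from the sysmon-modular project. It sketches the matching logic that a per-DLL "expected load location" rule set encodes, applied to Sysmon ImageLoad (Event ID 7) `ImageLoaded` values. The DLL table, the noise-exclude path and the sample events are constructed for illustration, and the record shape is an assumption rather than the HijackLibs schema.

```python
import ntpath

# Constructed sample table: DLL name -> directories it is expected to load from.
EXPECTED_LOCATIONS = {
    "version.dll": [r"C:\Windows\System32", r"C:\Windows\SysWOW64"],
    "dbghelp.dll": [r"C:\Windows\System32", r"C:\Windows\SysWOW64"],
}

# Hypothetical noise exclude: a vendor directory known to ship its own copy.
NOISE_EXCLUDES = [r"C:\Program Files\ExampleVendor"]


def _norm(path):
    # Collapse ".." segments and case so path tricks do not dodge the comparison.
    return ntpath.normpath(path).lower()


def is_unexpected_load(image_loaded):
    """True when a tracked DLL is loaded from outside its expected directories."""
    directory, name = ntpath.split(_norm(image_loaded))
    expected = EXPECTED_LOCATIONS.get(name)
    if expected is None:
        return False  # DLL is not tracked in the table
    if any(directory == _norm(d) for d in expected):
        return False  # loaded from a known-good location
    for exclude in map(_norm, NOISE_EXCLUDES):
        if directory == exclude or directory.startswith(exclude + "\\"):
            return False  # tuned out as environment-specific noise
    return True


def flag_events(events):
    """Return the events whose ImageLoaded value deserves a closer look."""
    return [e for e in events if is_unexpected_load(e["ImageLoaded"])]


# Constructed ImageLoad events (only the two fields used here).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": r"C:\Users\Public\app.exe", "ImageLoaded": r"C:\Users\Public\version.dll"},
    {"Image": r"C:\Temp\tool.exe", "ImageLoaded": r"C:\WINDOWS\system32\..\Temp\VERSION.DLL"},
    {"Image": r"C:\Program Files\ExampleVendor\bin\svc.exe",
     "ImageLoaded": r"C:\Program Files\ExampleVendor\bin\dbghelp.dll"},
]

if __name__ == "__main__":
    for event in flag_events(SAMPLE_EVENTS):
        print(event["Image"], "->", event["ImageLoaded"])
```

Expected locations are compared as exact directories, while noise excludes match a directory and everything beneath it, so an exclude should be scoped as narrowly as the environment allows.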