Last Updated: 2021-01-17 11:53:58 UTC
by Didier Stevens (Version: 1)
Version 13.01 of Sysmon was released, a Windows Sysinternals tool to monitor and log system activity.
This version adds detection for process tampering, like process hollowing and process herpaderping. You use ProcessTampering in your configuration to activate it.
Here is an example of process hollowing detection:
If you have more information or corrections regarding our diary, please share.