NextronSystems/sysmon-config (public, forked from SwiftOnSecurity/sysmon-config)
Commit History (branch: master)
Commits on Dec 10, 2025
2ce8bed  new: Suspicious Process Access of MsMpEng by WerFaultSecure - EDR-Freeze (#67) (swachchhanda000 and phantinuss authored)
Commits on Dec 5, 2025
76371af  Merge pull request #66 from TKCERT/neo23x0-pr3 (Neo23x0 authored)
Commits on Dec 4, 2025
b3c3f98  Remove noise network profile switches (Neo23x0 authored and mback2k committed)
5e79c36  Merge pull request #65 from TKCERT/neo23x0-pr2 (Neo23x0 authored)
5554c69  Add registry keys often used by malware and windows services (Neo23x0 authored and mback2k committed)
51f9c77  Merge pull request #64 from TKCERT/neo23x0-pr1 (Neo23x0 authored)
Commits on Dec 3, 2025
9c84056  DNS ServerLevelPluginDll Issue Added (Neo23x0 authored and mback2k committed)
Commits on Sep 23, 2025
1fdc5f8  another imphash for EDR Freeze (Neo23x0 committed)
db3891f  EDR-Freeze (Neo23x0 committed)
Commits on Aug 27, 2025
661a1c4  add: CreateProcessAsPPL.exe (Neo23x0 committed)
Commits on Aug 7, 2025
d65905e  Update sysmonconfig-export-block.xml (Neo23x0 committed)
a25c042  block bamboozlEDR (Neo23x0 committed)
Commits on Jul 8, 2025
23aa78a  Add RunMRU and TypedPaths Registry to detect potential clickfix and filefix attacks (#63) (swachchhanda000 and Copilot authored)
Commits on Jul 7, 2025
d52b214  Add New Pipes (#61) (swachchhanda000 and phantinuss authored)
Commits on Jul 2, 2025
c794961  Merge pull request #62 from swachchhanda000/exclusion_reg (phantinuss authored)
Commits on Apr 15, 2025
8ded30c  fix: linting (swachchhanda000 committed)
ae2938b  Add Defender administrative settings related another registry path (swachchhanda000 committed)
Commits on Feb 1, 2024
f944c05  add: EventLogCrasher (Neo23x0 committed)
Commits on Dec 29, 2023
2dc8575  EDRSilencer hashes (Neo23x0 committed)
Commits on Dec 14, 2023
65c78ba  add: EDRSandblast (Neo23x0 committed)
Commits on Oct 17, 2023
fa614fd  Merge pull request #57 from nasbench/master (nasbench authored)
Commits on Jul 27, 2023
8b8c419  Update sysmonconfig-export-block.xml (nasbench authored)
b2b5554  Update sysmonconfig-export.xml (nasbench authored)
Commits on Jun 28, 2023
277c594  Merge pull request #56 from Neo23x0/loldrivers-extension (Neo23x0 authored)
65bc443  fix: schema version (Neo23x0 committed)
21205e9  feat: blocked config (Neo23x0 committed)
bc734a5  fix: increase allowance for trace runs (Neo23x0 committed)
f10d77f  Update sysmonconfig-export.xml (Neo23x0 committed)
87be34c  loldrivers rules (Neo23x0 committed)
8569801  Merge branch 'master' of https://github.com/Neo23x0/sysmon-config (Neo23x0 committed)
43f8ebf  new FileExecutableDetected Block (Neo23x0 committed)
Commits on May 18, 2023
766b2a7  Merge pull request #53 from cospirho/master (nasbench authored)
Commits on May 15, 2023
cea856d  Remove duplicates sysmonconfig-export-block (cospirho authored)
46fd40f  Remove duplicates sysmonconfig-export (cospirho authored)
Commits on May 5, 2023
6e36404  Merge branch 'master' of https://github.com/Neo23x0/sysmon-config (Neo23x0 committed)