<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>PowerSIEM - Analyzing Sysmon Events with PowerShell - Dynamic Malware Analysis</title>
        <link>https://stream.echo6.co/videos/watch/20e43c41-91f1-484e-bb28-01dca39f7d5f</link>
        <description>PowerSiem: https://github.com/IppSec/PowerSiem Creating PowerSiem: https://www.twitch.tv/videos/1438252177 Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Sysmon Configuration File: https://github.com/Neo23x0/sysmon-config 00:00 - Intro 00:36 - Talking about PowerSIEM 01:40 - Installing Sysmon with Florian Roth's default config 03:30 - Showing what PowerSIEM does by running it and opening a command prompt, browser, etc 04:50 - Explaining the PowerSIEM Script, how it works, and all the current Sysmon events 07:50 - Setting breakpoints in PowerShell ISE 08:48 - Adding data to the Registry Set event 11:58 - Showing just running a SysInternals tool creates a registry key for accepting the EULA 13:45 - Running Impacket's PSEXEC, to find out Defender stops it. Running Sysinternals Version and showing Defender allows it. 14:50 - Using PowerSIEM to show how the Sysinternals PSEXEC works. 15:50 - Disabling AV, Running Impacket's version again to show how it differs 17:35 - Creating a Cobalt Strike Beacon and showing some alerts 18:25 - Hiding network connection alerts in PowerSIEM by just commenting out the Write Alert line 20:00 - Running a shell command in CobaltStrike and showing what it looks like in PowerSIEM 21:00 - Running Mimikatz and talking about its sacrificial process, pipes, and Mimikatz accessing LSASS 24:05 - Showing not everything will be logged</description>
        <lastBuildDate>Fri, 17 Apr 2026 08:44:38 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>PowerSIEM - Analyzing Sysmon Events with PowerShell - Dynamic Malware Analysis</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/20e43c41-91f1-484e-bb28-01dca39f7d5f</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=20e43c41-91f1-484e-bb28-01dca39f7d5f" rel="self" type="application/rss+xml"/>
    </channel>
</rss>