Sysmon's -l option can be used to detect DLL loading (ImageLoaded):
REF:
https://securityriskadvisors.com/blog/post/detecting-in-memory-mimikatz/
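
As an added example (not from the original post), the sketch below parses Sysmon Event ID 7 (Image loaded) records exported as XML and reports processes that loaded every DLL on an analyst-supplied watchlist. The sample events, the placeholder names `example_a.dll` and `example_b.dll`, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from ntpath import basename  # splits Windows paths on any host OS

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(event_id, guid, image, loaded):
    """Build a constructed Sysmon record, trimmed to the fields used here."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="ProcessGuid">{guid}</Data>'
        f'<Data Name="Image">{image}</Data>'
        f'<Data Name="ImageLoaded">{loaded}</Data>'
        "</EventData></Event>"
    )

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
NP = r"C:\Windows\System32\notepad.exe"
SAMPLE_EVENTS = [  # constructed, not captured from a real host
    _event(7, "{guid-0001}", PS, r"C:\Windows\System32\example_a.dll"),
    _event(7, "{guid-0001}", PS, r"C:\Windows\System32\EXAMPLE_B.DLL"),
    _event(7, "{guid-0002}", NP, r"C:\Windows\System32\example_a.dll"),
    _event(1, "{guid-0003}", NP, ""),  # not an image-load event
]
WATCHLIST = ["example_a.dll", "example_b.dll"]  # placeholder names

def parse_image_load(xml_text):
    """Return (ProcessGuid, Image, ImageLoaded) for Event ID 7, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7":
        return None
    data = {d.get("Name"): d.text or ""
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return data.get("ProcessGuid"), data.get("Image"), data.get("ImageLoaded")

def processes_loading_all(events, watchlist):
    """List process images that loaded every DLL named in the watchlist."""
    wanted = {name.lower() for name in watchlist}
    seen = defaultdict(set)  # (ProcessGuid, Image) -> watchlist DLLs loaded
    for xml_text in events:
        record = parse_image_load(xml_text)
        if record is None:
            continue
        guid, image, loaded = record
        dll = basename(loaded).lower()  # DLL names are case-insensitive
        if dll in wanted:
            seen[(guid, image)].add(dll)
    return sorted(img for (_, img), dlls in seen.items() if dlls == wanted)

if __name__ == "__main__":
    print(processes_loading_all(SAMPLE_EVENTS, WATCHLIST))
```

Grouping by ProcessGuid rather than by image path keeps two instances of the same executable from being merged into one match.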
Reposted from: https://www.cnblogs.com/xiaoxiaoleo/p/6385861.html