Tag: Agentless

JonMon-Lite is a research proof-of-concept “Remote Agentless EDR” that creates an ETW Trace Session through a Data Collector Set. This session can be created locally or remotely. Events Collected JonMon-Lite collects the following data: EventType Provider Process Creation Microsoft-Windows-Kernel-Process File Creation Microsoft-Windows-Kernel-File DotNetLoad Microsoft-Windows-DotNETRuntime WMIEventFilter Microsoft-Windows-WMI-Activity RPCClientCall ETW Microsoft-Windows-RPC RPCServerCall Microsoft-Windows-RPC CryptUnprotectData Microsoft-Windows-Crypto-DPAPI AMSI Microsoft-Antimalware-Scan-Interface…