Fun fact: I made a typo in sysmon-config many years ago, when I was working in Helpdesk.

I got my shot and was hired at the big firm with the big fancy expensive tools I would've never dreamed of.

Do you know what I find in that tool, auditing it?

My typo. They pasted it in. They just... copied the whole thing.

I sit at my desk. And I realize I was always enough.

The full story of sysmon-config, the first (to my awareness) comprehensive open source HIDS monitoring solution configuration, is something I would like to tell sometime.

It was, in fact, not generated for a security job, strictly speaking. I needed to understand the sensitive modifications being made to our Windows systems as Helpdesk. And I did not want to filter Procmon again.

It turns out the modifications that screw things up... kind of include the malware and spyware ones. Especially back then.