Hello, I’ve been trying to go through the questions here and I just can’t figure them out. I went through all the modules prior quite easily and haven’t been able to figure out the first question even for the “C:\Logs\DLLHijack” question. I know to filter events by ID 7 but from there I’m struggling on what to do, I’ve been trying to manually go through the logs but it’s been very time consuming. Any tricks or tips would be greatly appreciated. Thank You!!

Did you end up figuring this out? I’m having the same issue.

did you find out? i am stuck there

Hi Tharris,

Try to use Get-WinEvent command explained in the course to be able to givethe path and filter ID and filter with Where-Object to find Image locations which are not normal (Sorry, according to the rules not to spoil the task here, I can’t be more specific, but you will get it).

DONT FORGET TO LIKE :slight_smile:


In windows event viewer on top left, action → find … you can search for words in logs… i haven’t found that first flag either…

My logs do not show Sysmon Event ID 7 in my instance bugged?

somewhere in the module they show you that to see events id 7 in event viewer they show you that you need to edit the sysmon configuration, look for that explanation.