undev.ninja – In April 2020, Mark Russinovich announced the release of a new event type for Sysmon version 11.0: event ID 23, File Delete. As indicated by the name, it logs file delete events that occur on the sys…

Tweeted by @TheHackersNews https://twitter.com/TheHackersNews/status/1312083920603635715

Sysmon Internals – From File Delete Event to Kernel Code Execution