Introduction
In this video walk-through, we covered some of the Sysinternals tools from Microsoft that can be used to investigate the presence of malware.
Learn to use the Sysinternals tools to analyze Windows systems or applications.
What are the tools known as Sysinternals?
The Sysinternals suite is a compilation of more than 70 Windows-based tools. Each of the tools falls into one of the following categories:
- File and Disk Utilities
- Networking Utilities
- Process Utilities
- Security Utilities
- System Information
- Miscellaneous
The Sysinternals tools and their website (sysinternals.com) were created by Mark Russinovich back in the late ’90s, along with Bryce Cogswell, under the company Winternals Software.
In 2005, Microsoft acquired Winternals Software, and Mark Russinovich joined Microsoft. Today he is the CTO of Microsoft Azure.
Mark Russinovich made headlines when he reported that Sony embedded rootkits into their music CDs back in 2005. This discovery was made known thanks to one of the Sysinternals tools he was testing. You can read more about that here.
He also discovered in 2006 that Symantec was using rootkit-like technology. You can read more about that here.
The Sysinternals tools are extremely popular among IT professionals who manage Windows systems. They are so popular that red teamers and adversaries use them as well. Throughout this room, I’ll note which tools MITRE has identified as having been used by adversaries.
The goal of this room is to introduce you to a handful of Sysinternals tools with the hopes that you will expand on this knowledge with your own research and curiosity.
Room Answers
What entry was updated?
What is the updated value?
Video Walk-through