An Introduction to Sysinternals
2. Background
• The Sysinternals website was created and operated by the company
Winternals Software LP
• Collection of utilities to manage, diagnose, troubleshoot and monitor
a Windows environment
• Microsoft acquired Winternals and its assets on July 18, 2006
4. Tools
• Collection of 60+ utilities
• https://technet.microsoft.com/en-us/sysinternals/bb842062
• \\live.sysinternals.com\tools\strings.exe
• I will try and cover
• strings, tcpview, autoruns, procexp, procmon, procdump and psexec
13. References and further reading
• https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx
• https://technet.microsoft.com/en-us/sysinternals/bb842062
• https://blogs.technet.microsoft.com/markrussinovich/
• https://technet.microsoft.com/en-us/sysinternals/bb963887
• https://ibreak.software/2009/07/22/the-case-of-the-intelligent-spambot/
• https://ibreak.software/2009/07/07/the-case-of-the-persistent-executable/
14. C:\> whoami
• Chief Offensive Security Officer – Appsecco
• @riyazwalikar
• @wincmdfu
• riyazwalikar@gmail.com
• http://ibreak.software
Editor's Notes
• The newer versions of autoruns have a tab for WMI, Office
• Mimikatz is a tool used to extract Kerberos tickets, passwords, logon credentials and tons of other information from a Windows computer.
• Run commands as a different user or on remote systems