The document introduces Sysinternals tools, a collection of utilities developed to manage, diagnose, troubleshoot, and monitor Windows environments, originally created by Winternals Software LP and acquired by Microsoft in 2006. It highlights key tools such as Strings, TCPView, Autoruns, Process Explorer, Process Monitor, Procdump, and PsExec. Additionally, it includes references for further reading and insights from the author, Riyaz Walikar.

1. An introduction to
Sysinternals tools
Riyaz Walikar
@wincmdfu

2. Background
• The sysinternals website was created and operated by the company
Winternals Software LP
• Collection of utilities to manage, diagnose, troubleshoot and monitor
a Windows environment
• Microsoft acquired Winternals and its assets on July 18, 2006

3. • Bryce Cogswell
• Mark Russinovich

4. Tools
• Collection of 60+ utilities
• https://technet.microsoft.com/en-us/sysinternals/bb842062
• live.sysinternals.comtoolsstrings.exe
• I will try and cover
• strings, tcpview, autoruns, procexp, procmon, procdump and psexec

5. strings

6. strings

7. tcpview

8. autoruns

9. procexp

10. procmon

11. procdump
After obtaining a memory dump of the lsass.exe
mimikatz # sekurlsa::minidump lsass.exe_161216_112214.dmp

12. psexec

13. References and further reading
• https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx
• https://technet.microsoft.com/en-us/sysinternals/bb842062
• https://blogs.technet.microsoft.com/markrussinovich/
• https://technet.microsoft.com/en-us/sysinternals/bb963887
• https://ibreak.software/2009/07/22/the-case-of-the-intelligent-spambot/
• https://ibreak.software/2009/07/07/the-case-of-the-persistent-executable/

14. C:> whoami
• Chief Offensive Security Officer – Appsecco
• @riyazwalikar
• @wincmdfu
• riyazwalikar@gmail.com
• http://ibreak.software