#sysinternals — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sysinternals, aggregated by home.social.
-
Practical intro to Windows Sysinternals, 2026-04-16, 12:00
How to find out if you have malware on your #Windows system? Today we learn to use #Sysinternals, an alternative to the standard Task Manager. There will be a brief overview of ways #malware can hide and gain persistent access over reboots, and then a mini #CTF where you can find hidden "malware" on a virtual machine. Can you find all the secrets?
Open for all, no registration needed. Bring a friend!
-
CW: The other day BlueHammer appeared, a published proof-of-concept for a zero-day vulnerability in Windows systems. It allows elevating privileges in the system to the level of the SYSTEM account or extended administrative rights.
The zero-day vulnerability was published together with a prototype (example) of its use. It was published by a person (Chaotic Eclipse) who was unable to report the problem through official Microsoft channels, because the relevant department (MSRC) insisted on nothing less than a video confirming that the vulnerability actually works, refusing otherwise to engage in dialogue and take the information into account.
This is the apotheosis of the total idiocy that has prevailed at Microsoft for the last 10+ years. More detail on the topic is written below.
Another new low has been reached, but this is not the first time, and consistency is a sure sign of mastery.
It is not that Linux or BSD systems have suddenly become trendy and popular; it is that people are forced to leave Windows systems because of this quality of work from Microsoft.
#bluehammer #microsoft #windows #cve #lang_ru @Russia
RE: https://hub.hubzilla.de/item/fadba136-52e4-46e3-9101-5d8c7b0d61fb -
listent for macOS, ZoomIt, Sysmon, DebugView, NotMyFault, Procmon for Linux, and RAMMap | Sysinternals blog
#devtools #windows #linux #utilities #sysinternals #zoomit #procmon
-
🖥️ “Big Brother is Watching!” by Bartek Bielawski taught how to troubleshoot client machines remotely using #PowerShell without disrupting users: 🧰 #Sysinternals (Handle, Procmon, RAMMap) 📡 #pktmon > netsh 🧪 Smart prep = zero friction 🎟️ psconf.eu #RemoteSupport #PSConfEU
- YouTube -
heise+ | Tips for Microsoft's #Sysinternals tools | c't Magazin https://www.heise.de/ratgeber/Tipps-fuer-Microsofts-Sysinternals-Werkzeuge-11134686.html #heiseplus #SysinternalsSuite #Windows #MicrosoftWindows
-
ZoomIt v10.0, Sysmon 1.5 for Linux, Sigcheck v2.91, RAMMap v1.62, and RDCMan v3.12
-
🛠️ Tool
Executive summary: The TrustedSec Sysmon Community Guide is an open-source reference that documents Microsoft Sysinternals Sysmon capabilities, event taxonomy, configuration guidance, and approaches for detection engineering. Authored and maintained by Carlos Perez of TrustedSec, the guide is published under a Creative Commons Attribution-ShareAlike 4.0 license.
Technical details:
• The guide catalogs Sysmon event families including process events (creation, termination, access), file events (create, delete, stream hash, create-time change), network events (network connections, DNS query), image loading, named pipes, driver loading, registry actions, create remote thread, raw access read, WMI events, clipboard capture, and process image tampering.
• Platform-specific coverage includes the Sysmon kernel driver and Windows-focused internals as well as Linux support via sysinternalsEBPF, which captures equivalent telemetry on Linux hosts.
• Configuration and detection-engineering chapters provide conceptual approaches to crafting filters and detection rules, and the repository structure maps topics to chapter files (e.g., process-creation.md, network-connections.md).
How it works (conceptual):
• The guide describes how Sysmon produces structured event telemetry accessible to SIEMs, and how eBPF-based collectors on Linux mirror similar event classes.
• Sample topics explain event fields used for correlation (process hashes, parent/child relationships, command line, network endpoints, registry keys) without prescribing a single configuration, acknowledging environment variability.
Use cases:
• Central reference for SOCs building Sysmon configurations and detection logic.
• Baseline for threat hunting using process, file, and network indicators documented in the chapters.
Limitations:
• The guide emphasizes community contributions and does not prescribe one-size-fits-all configurations; specifics must be adapted per environment.
• No vendor-specific deployment steps are included; the document focuses on capabilities and detection concepts.
References: TrustedSec LLC, Carlos Perez, Creative Commons BY-SA 4.0. #sysmon #detection_engineering #sysinternals #eBPF #tool
🔗 Source: https://github.com/trustedsec/SysmonCommunityGuide
-
At this point I should perhaps take a step back and summarize what has happened. The posts were in part quite fragmented, even though I only noted down the most important things. In fact it was an extensive analysis with #winmerge #notepad++ #regedit #gpu-z #hwinfo #Sandboxie #sysinternals #DependencyWalker, #archiveorg with the help of #ChatGPT and #perplexity. Unfortunately those two also talk nonsense and you have to look closely, but without them it would hardly have been feasible.
-
#Windows integrates #Sysmon natively | Security https://www.heise.de/news/Sysmon-wird-Windows-Bestandteil-11084871.html #Windows11 #WindowsServer2025 #Sysinternals #SysinternalsSuite
-
The #Sysinternals System Monitor is to be integrated into Windows 11. https://techcommunity.microsoft.com/blog/windows-itpro-blog/native-sysmon-functionality-coming-to-windows/4468112
Maybe that is the reason why #Windows7 is now being dropped - a pity. Back to #KabyLake: I discussed this with #perplexityai and #ChatGpt. With the former you unfortunately hit the limits quickly and then go around in circles. With ChatGpt (base model) you can get surprisingly deep into the problem, but by no means everything the thing says is correct. You have to check!
-
https://winbuzzer.com/2025/11/18/microsoft-integrates-system-monitor-sysmon-into-windows-11-xcxwbn
Microsoft Integrates System Monitor (Sysmon) into Windows 11
#Windows11 #Sysmon #CyberSecurity #InfoSec #Microsoft #WindowsServer #Sysinternals #BlueTeam #ThreatHunting #EdgeAI #WindowsUpdate
-
ZoomIt v9.10, ProcDump 3.5 for Linux, and jcd 1.0.1 | Sysinternals
-
quicktipp #103: inspecting the permissions of a named pipe on Windows with sysinternals `accesschk.exe`.
https://learn.microsoft.com/en-us/sysinternals/downloads/accesschk
#windows #sysinternals #namedpipe #winio #docker #microsoft #acl #sddl #powershell
-
@adridoesthings SDelete from the #SysInternals Suite, for instance. Or brew up and filter something for yourself from this collection. https://alternativeto.net/software/sdelete/
#alternativeTo #floss #opensource #wipe -
Introduction to Sysinternals – PSTools/PsExec
When working with Windows systems, access to tools that enable remote administration is key. Although modern solutions such as PowerShell Remoting fulfil these functions well, their use is often restricted by security policies or EDR (Endpoint Detection & Response) solutions. In such situations one can...
#Narzędzia #Teksty #Narzędzia #Psexec #Pstools #Sysinternals #Windows
https://sekurak.pl/wprowadzenie-do-sysinternals-pstools-psexec/
-
0xD · Sysinternals - I have just completed this room! Check it out: https://tryhackme.com/room/btsysinternalssg #tryhackme #sysinternals #procmon #psexec #procexp #btsysinternalssg via @RealTryHackMe
-
Identify Which Process Is Blocking a File in Windows | by Orin Thomas.
-
The first of three blog posts around automating debugging in #Windows with Perfmon, Wireshark, and ProcMon. #powershell #itpro #sysadmin #configmgr #sysinternals
https://potentengineer.com/2024/10/12/automating-performance-monitor-in-windows.html
-
A Linux version of the Procmon Sysinternals tool
https://github.com/microsoft/ProcMon-for-Linux
#HackerNews #Linux #Procmon #Sysinternals #Tool #Microsoft #GitHub
-
Found myself teaching #ProcMon and #Troubleshooting to a peer again today. It was an essential skill in a previous role and one that everyone should have in their tool box.
Additional tools include #AuditPol and #Sysmon
I cover two of those (Sys and Procmon) in this video.
Give it a watch, share it around, etc....
https://youtu.be/rr5CI7rakkU?t=2453
These are great tools to use when more advanced malware sandboxing tools aren't available. VM and #Sysinternals
-
heise+ | Process Monitor: uncovering malware activity with suitable filters
The free tool ProcMon is popular above all for troubleshooting on Windows. But its monitoring skills are also ideally suited to malware analysis.
Process Monitor: uncovering malware activity with suitable filters -
Linus Torvalds and Bill Gates Meet for the First Time
In a surprising turn of events, Microsoft co-founder Bill Gates and Linus Torvalds, the creator of the Linux kernel, recently met for the first time. The historic encounter took place at a dinner hosted by Sysinternals' creator Mark Russinovich.
This rare moment brought together icons from Linux and Windows, with Microsoft’s Dave Cutler also meeting Torvalds for the first time. As Russinovich humorously noted in a LinkedIn post, “No major kernel decisions were made.” https://www.linkedin.com/posts/markrussinovich_i-had-the-thrill-of-a-lifetime-hosting-dinner-activity-7341857033932914691-f5Kw/
#Linux #LinuxKernel #Windows #BillGates #Linus #LinusTorvalds #MSFT #Microsoft #Tech #Technology #RareMoment #TechWorld #OperatingSystem #OS #Kernel #Sysinternals #DaveCutler
-
ProcDump 3.4.1 for Linux and Sysmon 1.3.5 for Linux now available.
-
EPISODE 10 - Scott & Mark Learn To... Zoomit with Scott Hanselman & Mark Russinovich | Wed at 12:15pm EST.
-
ZoomIt v9.0 from Sysinternals.
This release adds drawing and annotation on top of live windows and the desktop.
https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-v9-0/4358021
#windows #powerusers #sysinternals #utilities -
Announcing ZoomIt v9.0 with LiveDraw and LiveZoom
No more freezing before sketching/writing. Now you can write/draw on the Windows desktop & over applications that are actively moving on the screen.
And it's still free! 😁
https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-v9-0/4358021
-
Premiering tomorrow: EPISODE 6 - Scott & Mark Learn To... Take a Dump.
https://buff.ly/3ZwJETv
#podcast #devcommunity #programming #productivity #debugging #windowsdev #sysinternals -
ProcDump 1.0 for Mac. The first Sysinternals tool for macOS!
https://techcommunity.microsoft.com/blog/sysinternals-blog/procdump-1-0-for-mac/4295719
#macos #sysinternals #microsoft #tools #utility -
I have known #Sysinternals for around 15 years now, and I use Process Explorer daily; it is better than the Windows Task Manager. Anyway, today I learned that they have ProcDump, and it is actually open source for #linux, and it is pretty popular, with 3k stars on GitHub. Then I was wondering if I could find a gcgen option for Windows; @mariohewardt said they will consider it. I think it will be easier for customers to have ProcDump instead of dotnet-gcdump or opening Task Manager and generating the dump from it.
https://github.com/Sysinternals/ProcDump-for-Linux/issues/188#issuecomment-2292000833
-
Introduction to Sysinternals – Process Explorer
The Windows Task Manager is the first tool we reach for when we want to solve a problem with how a given program is running. In Task Manager we can see the system's processes, running services and applications, and we can also manage them at the most basic level. If we wanted to determine precisely the details of how programs operate, e.g. review the list of resources allocated to...
#Narzędzia #Teksty #Narzędzia #Processexplorer #Sysinternals #Windows
https://sekurak.pl/wprowadzenie-do-sysinternals-process-explorer/
-
Process Monitor v4.0 and Sysmon 1.3.3 for Linux.
#sysinternals #linux #windows
https://techcommunity.microsoft.com/t5/sysinternals-blog/process-monitor-v4-0-and-sysmon-1-3-3-for-linux/ba-p/4169957 -
ProcDump 3.3 for Linux and Process Explorer v17.06.
#sysinternals #windows #linux #utilities #debugging
https://techcommunity.microsoft.com/t5/sysinternals-blog/procdump-3-3-for-linux-and-process-explorer-v17-06/ba-p/4154084 -
I've used Mark Russinovich's #Sysinternals utilities for decades (autoruns, procexp, procmon, tcpview, etc.), but I only properly learned about #ZoomIt in the last few days (so late possibly due to its deceptively simple name). It supports more than just zooming the screen (which, BTW, is doable via Win+Plus without any additional software). A great little tool for sessions with screen sharing and presentations in Windows.
https://learn.microsoft.com/en-us/sysinternals/downloads/zoomit
You can grab it also from:
\\live.sysinternals.com\tools\ -
Free webinar: "#Sysinternals". Thursday, March 21, 2024. From 5:00pm to 5:45pm (UTC -05:00). #cybersecurity #hacking #readteam #bugbounty #forensics #osint Free registration at: https://www.reydes.com/d/?q=eventos -
heise+ | Using Windows 10 more efficiently with tools
Make the most of large monitors, remap the keyboard or automate tasks: these tools make your Windows life easier. Using Windows 10 more efficiently with tools