#sysinternals — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sysinternals, aggregated by home.social.
-
Practical intro to Windows Sysinternals, 2026-04-16, 12:00
How to find out if you have malware on your #Windows system? Today we learn to use #Sysinternals, an alternative to the standard Task Manager. There will be a brief overview of ways #malware can hide and gain persistent access over reboots, and then a mini #CTF where you can find hidden "malware" on a virtual machine. Can you find all the secrets?
Open for all, no registration needed. Bring a friend!
-
CW: BlueHammer appeared the other day: a published proof-of-concept for a zero-day vulnerability in Windows systems. It allows escalating rights (privileges) on the system to the level of the SYSTEM account or extended administrative rights.
The zero-day vulnerability turned out to be published together with a prototype (example) of its use. It was published by a person (Chaotic Eclipse) who was unable to report the problem through Microsoft's official channels, because the relevant division (MSRC) wanted nothing less than a video confirming that this vulnerability works, refusing otherwise to engage in dialogue and take the information into account.
This is the apotheosis of the total idiocy that has prevailed at Microsoft for the last 10+ years. More details on this topic are laid out below.
Another bottom has been broken through, but it is not the first time, and consistency is a sure sign of mastery.
It is not that Linux or BSD systems have suddenly become fashionable and popular; it is that people are forced to leave Windows systems because of this quality of Microsoft's work.
#bluehammer #microsoft #windows #cve #lang_ru @Russia
RE: https://hub.hubzilla.de/item/fadba136-52e4-46e3-9101-5d8c7b0d61fb -
listent for macOS, ZoomIt, Sysmon, DebugView, NotMyFault, Procmon for Linux, and RAMMap | Sysinternals blog
#devtools #windows #linux #utilities #sysinternals #zoomit #procmon
-
🖥️ “Big Brother is Watching!” by Bartek Bielawski taught how to troubleshoot client machines remotely using #PowerShell without disrupting users: 🧰 #Sysinternals (Handle, Procmon, RAMMap) 📡 #pktmon > netsh 🧪 Smart prep = zero friction 🎟️ psconf.eu #RemoteSupport #PSConfEU
- YouTube -
heise+ | Tips for Microsoft's #Sysinternals tools | c't Magazin https://www.heise.de/ratgeber/Tipps-fuer-Microsofts-Sysinternals-Werkzeuge-11134686.html #heiseplus #SysinternalsSuite #Windows #MicrosoftWindows
-
ZoomIt v10.0, Sysmon 1.5 for Linux, Sigcheck v2.91, RAMMap v1.62, and RDCMan v3.12
-
🛠️ Tool
Executive summary: The TrustedSec Sysmon Community Guide is an open-source reference that documents Microsoft Sysinternals Sysmon capabilities, event taxonomy, configuration guidance, and approaches for detection engineering. Authored and maintained by Carlos Perez of TrustedSec, the guide is published under a Creative Commons Attribution-ShareAlike 4.0 license.
Technical details:
• The guide catalogs Sysmon event families including process events (creation, termination, access), file events (create, delete, stream hash, create-time change), network events (network connections, DNS query), image loading, named pipes, driver loading, registry actions, create remote thread, raw access read, WMI events, clipboard capture, and process image tampering.
• Platform-specific coverage includes the Sysmon kernel driver and Windows-focused internals as well as Linux support via sysinternalsEBPF that captures equivalent telemetry on Linux hosts.
• Configuration and detection-engineering chapters provide conceptual approaches to crafting filters and detection rules, and the repository structure maps topics to chapter files (e.g., process-creation.md, network-connections.md).
How it works (conceptual):
• The guide describes how Sysmon produces structured event telemetry accessible to SIEMs, and how eBPF-based collectors on Linux mirror similar event classes.
• Sample topics explain event fields used for correlation (process hashes, parent/child relationships, command line, network endpoints, registry keys) without prescribing a single configuration, acknowledging environment variability.
Use cases:
• Central reference for SOCs building Sysmon configurations and detection logic.
• Baseline for threat hunting using process, file, and network indicators documented in the chapters.
Limitations:
• The guide emphasizes community contributions and does not prescribe one-size-fits-all configurations; specifics must be adapted per environment.
• No vendor-specific deployment steps are included; the document focuses on capabilities and detection concepts.
References: TrustedSec LLC, Carlos Perez, Creative Commons BY-SA 4.0. #sysmon #detection_engineering #sysinternals #eBPF #tool
🔗 Source: https://github.com/trustedsec/SysmonCommunityGuide
-
At this point I should perhaps take a step back and summarize what has happened. The posts were sometimes quite fragmented, even though I only noted the most important things. In fact, this was an extensive analysis with #winmerge #notepad++ #regedit #gpu-z #hwinfo #Sandboxie #sysinternals #DependencyWalker, #archiveorg with the help of #ChatGPT and #perplexity. Unfortunately, those two also talk nonsense and you have to look closely, but without them this would hardly have been feasible.
-
#Windows natively integrates #Sysmon | Security https://www.heise.de/news/Sysmon-wird-Windows-Bestandteil-11084871.html #Windows11 #WindowsServer2025 #Sysinternals #SysinternalsSuite
-
The #Sysinternals System Monitor is to be integrated into Windows 11. https://techcommunity.microsoft.com/blog/windows-itpro-blog/native-sysmon-functionality-coming-to-windows/4468112
Perhaps that is the reason #Windows7 is now being dropped; a pity. Back to #KabyLake: I discussed this with #perplexityai and #ChatGpt. With the former you unfortunately quickly hit the limits and then go around in circles. With ChatGpt (base model) you can dig surprisingly deep into the problem, but by no means everything the thing says is correct. You have to look closely!
-
https://winbuzzer.com/2025/11/18/microsoft-integrates-system-monitor-sysmon-into-windows-11-xcxwbn
Microsoft Integrates System Monitor (Sysmon) into Windows 11
#Windows11 #Sysmon #CyberSecurity #InfoSec #Microsoft #WindowsServer #Sysinternals #BlueTeam #ThreatHunting #EdgeAI #WindowsUpdate
-
ZoomIt v9.10, ProcDump 3.5 for Linux, and jcd 1.0.1 | Sysinternals
-
quicktipp #103: inspecting the permissions of a named pipe on Windows with sysinternals `accesschk.exe`.
https://learn.microsoft.com/en-us/sysinternals/downloads/accesschk
#windows #sysinternals #namedpipe #winio #docker #microsoft #acl #sddl #powershell
-
A Linux version of the Procmon Sysinternals tool
https://github.com/microsoft/ProcMon-for-Linux
#HackerNews #Linux #Procmon #Sysinternals #Tool #Microsoft #GitHub
-
Identify Which Process Is Blocking a File in Windows | by Orin Thomas.
-
Linus Torvalds and Bill Gates Meet for the First Time
In a surprising turn of events, Microsoft co-founder Bill Gates and Linus Torvalds, the creator of the Linux kernel, recently met for the first time. The historic encounter took place at a dinner hosted by Sysinternals' creator Mark Russinovich.
This rare moment brought together icons from Linux and Windows, with Microsoft’s Dave Cutler also meeting Torvalds for the first time. As Russinovich humorously noted in a LinkedIn post, “No major kernel decisions were made.” https://www.linkedin.com/posts/markrussinovich_i-had-the-thrill-of-a-lifetime-hosting-dinner-activity-7341857033932914691-f5Kw/
#Linux #LinuxKernel #Windows #BillGates #Linus #LinusTorvalds #MSFT #Microsoft #Tech #Technology #RareMoment #TechWorld #OperatingSystem #OS #Kernel #Sysinternals #DaveCutler
-
ProcDump 3.4.1 for Linux and Sysmon 1.3.5 for Linux now available.
-
EPISODE 10 - Scott & Mark Learn To... Zoomit with Scott Hanselman & Mark Russinovich | Wed at 12:15pm EST.
-
ZoomIt in PowerToys v0.88, ProcDump 3.4 for Linux, and Sysmon 1.3.4 for Linux. https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-in-powertoys-v0-88-procdump-3-4-for-linux-and-sysmon-1-3-4-for-linux/4371818 #sysinternals #powertoys #zoomit #linux #windows
-
ZoomIt v9.0 from Sysinternals.
This release adds drawing and annotation on top of live windows and the desktop.
https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-v9-0/4358021
#windows #powerusers #sysinternals #utilities -
Announcing ZoomIt v9.0 with LiveDraw and LiveZoom
No more freezing before sketching/writing. Now you can write/draw on the Windows desktop & over applications that are actively moving on the screen.
And it's still free! 😁
https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-v9-0/4358021
-
Premiering tomorrow: EPISODE 6 - Scott & Mark Learn To... Take a Dump.
https://buff.ly/3ZwJETv
#podcast #devcommunity #programming #productivity #debugging #windowsdev #sysinternals -
ProcDump 1.0 for Mac. The first Sysinternals tool for macOS!
https://techcommunity.microsoft.com/blog/sysinternals-blog/procdump-1-0-for-mac/4295719
#macos #sysinternals #microsoft #tools #utility -
Introduction to Sysinternals – PSTools/PsExec
When working with Windows systems, access to tools that enable remote administration is key. Although modern solutions such as PowerShell Remoting fulfil these functions well, their use is often restricted by security policies or EDR (Endpoint Detection & Response) solutions. In such situations one can...
#Narzędzia #Teksty #Narzędzia #Psexec #Pstools #Sysinternals #Windows
https://sekurak.pl/wprowadzenie-do-sysinternals-pstools-psexec/
-
The first of three blog posts around automating debugging in #Windows with Perfmon, Wireshark, and ProcMon. #powershell #itpro #sysadmin #configmgr #sysinternals
https://potentengineer.com/2024/10/12/automating-performance-monitor-in-windows.html