Cyber Security Utilities: SysInternals

April 20, 2018


I would not be surprised if you had never heard of Microsoft "Sysinternals." But it is not something you should miss if you work in security, networking, or Windows administration.

Why Sysinternals?

It is good to know the built-in CMD commands, but it is easy to mix them up, and if you are a beginner you still have to learn them first. Sysinternals gives you the same visibility with less friction.

That is where Sysinternals comes into play. It is a collection of advanced system utilities for Windows, written by Mark Russinovich and now maintained by Microsoft. The tools do fairly advanced work without any hassle, most are single executables that need no installation, and the whole set weighs only a few MB. You should explore some of the utilities recommended below.

The Sysinternals Suite is the entire set of Sysinternals utilities packaged in a single zip.

Now, let’s get started!

  • Process Explorer: This tool plays the same role as Task Manager but with a much richer feature set. For each process you can see CPU usage, PID, the verified signer, company name, loaded DLLs and open handles, and you can submit the image hash to VirusTotal (a service that scans files with dozens of anti-malware engines) straight from the process list.
  • TCPView: This tool is handy for viewing network connections per process. It shows which process owns which local port, the remote address it is talking to (IP and port), the state of the connection, and counters for packets and bytes sent and received. Tcpvcon is its console version.
  • RamMap: As the name suggests, it maps the use of physical memory: how much RAM the kernel and each application are using, and what it is being used for (file cache, page tables, driver locked pages and so on).
  • AccessChk: A great utility for administrators. It tells you what effective access (read, write, and so on) a given account or group has to files, folders, registry keys, services, processes and other objects, which makes it a quick way to find things a low-privileged user can write to but should not.
  • ShellRunas: Adds a "Run as different user" option to the Explorer context menu so you can launch a program under another account.
  • PsList: A process utility that lists statistics for every running process; with the right switches you can view thread details, memory usage and the process tree.
  • Disk2vhd: Creates a Virtual Hard Disk (VHD) image of a physical disk while the system is running. The image can be attached to a VM (Hyper-V, Oracle VirtualBox, VMware).
  • Process Monitor: This utility combines the older FileMon and RegMon tools. It is an advanced real-time monitor for process, thread, file system, registry and network activity, and is the standard way to inspect the internal behavior of a process.

You can also run the tools without downloading anything via Sysinternals Live: browse to https://live.sysinternals.com/ or reference a tool directly by its UNC path, for example \\live.sysinternals.com\tools\procexp.exe.
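The utilities listed above are most useful when scripted, and the console versions (accesschk, autorunsc, tcpvcon, pslist, sigcheck, procmon) all run unattended. The following PowerShell script is an added example, not code from the original post or from Microsoft; it strings several of those tools together into a quick host triage, pulling them from the Sysinternals Live share described above. It assumes an elevated prompt, that the WebClient service is running so the \\live.sysinternals.com\tools WebDAV path resolves (otherwise point $Tools at a local extract of SysinternalsSuite.zip), and that C:\Triage is a hypothetical output folder.

```powershell
# Added example (not from the original post): quick host triage with
# Sysinternals console tools run straight from Sysinternals Live.
# Assumptions: elevated PowerShell, WebClient service running so the UNC
# path works, and C:\Triage as a hypothetical output directory.

$Tools  = '\\live.sysinternals.com\tools'   # or a local SysinternalsSuite extract
$OutDir = 'C:\Triage'
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

# Every Sysinternals tool shows an EULA dialog on first run; -accepteula keeps
# the run non-interactive and -nobanner keeps the output parseable.

# 1. AccessChk: everything under Program Files that the Users group can write
#    to (-u suppress errors, -w write access, -q quiet, -s recurse). A writable
#    binary in a privileged program's directory is a classic local privilege
#    escalation path, so an empty result is the good result.
& "$Tools\accesschk.exe" -accepteula -nobanner -uwqs Users 'C:\Program Files\*' |
    Tee-Object -FilePath "$OutDir\writable-programfiles.txt"

# 2. Autorunsc (console Autoruns): all autostart entries (-a *) as CSV (-c)
#    with file hashes (-h) and signature verification (-s); -m hides entries
#    signed by Microsoft so the unusual ones stand out.
#    Caveat: if the CSV comes out garbled, the tool wrote UTF-16; set
#    [Console]::OutputEncoding = [System.Text.Encoding]::Unicode first.
& "$Tools\autorunsc.exe" -accepteula -nobanner -a * -c -h -s -m |
    Out-File -Encoding utf8 "$OutDir\autoruns.csv"

# 3. Tcpvcon (console TCPView): every endpoint with its owning process, CSV.
& "$Tools\tcpvcon.exe" -accepteula -a -c |
    Out-File -Encoding utf8 "$OutDir\connections.csv"

# 4. PsList: process tree (-t), the same view Process Explorer gives.
& "$Tools\pslist.exe" -accepteula -nobanner -t |
    Out-File -Encoding utf8 "$OutDir\process-tree.txt"

# 5. Sigcheck: unsigned executables under System32 (-e executables only,
#    -u unsigned, -s recurse). Unsigned binaries in a Microsoft directory
#    deserve a second look.
& "$Tools\sigcheck.exe" -accepteula -nobanner -e -u -s 'C:\Windows\System32' |
    Out-File -Encoding utf8 "$OutDir\unsigned-system32.txt"

# 6. Process Monitor: a 60-second unattended capture to a backing file, then
#    convert the .pml to CSV. /Quiet suppresses the filter dialog, /Minimized
#    keeps the window out of the way, /Terminate stops the capture.
& "$Tools\procmon.exe" /AcceptEula /Quiet /Minimized /BackingFile "$OutDir\capture.pml"
Start-Sleep -Seconds 60
& "$Tools\procmon.exe" /Terminate
& "$Tools\procmon.exe" /OpenLog "$OutDir\capture.pml" /SaveAs "$OutDir\capture.csv"

# First pass over the results: autostart entries whose signer did not verify.
Import-Csv "$OutDir\autoruns.csv" |
    Where-Object { $_.'Image Path' -and $_.Signer -notlike '(Verified)*' } |
    Select-Object Entry, 'Image Path', Signer |
    Format-Table -AutoSize
```

Running tools over the WebDAV share is convenient for a one-off look, but for incident response copy the suite to the host (or a USB stick) first: the Live share is slow, needs outbound HTTP, and the binaries should be hash-checked against a copy you trust before they run on a machine you suspect is compromised.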

I hope this gives you some insight into the Sysinternals utilities. There are dozens more, all documented at https://docs.microsoft.com/en-us/sysinternals/; they are developed by Microsoft and updated on a regular basis.

Wish you all the best with learning!
