I would not be surprised if you had no idea about Microsoft "Sysinternals." But it is not something that you should miss if you're working in Security/Networking/Linux as an Administrator.

Why Sysinternals?

I know, it is good to know all CMD commands, but sometimes you may get confused between commands. If you're a beginner, then you have to learn them, right? So here Sysinternals comes into play. It is a collection of advanced system utilities. Sysinternals can do pretty advanced stuff without any hassle, and it has a size of just a few MBs. You should go and explore some of the Sysinternals utilities that I have recommended below.

Sysinternals Suite is an entire set of Sysinternals utilities under a single zip.

Now, let's get started!
- Process Explorer: This tool is similar to Task Manager, but it includes a vast list of features by comparison. We can view details (CPU usage, PID, Verified Signer, Company Name) about each process, check it against VirusTotal (a famous malware detection engine), and much more.
- TCPView: This tool is handy when it comes to viewing process connections. E.g., we can analyze which process is working on which port and connecting to which foreign address (IP and port number). It also tells us the state of the connection and metrics for the data packets sent or received.
- RAMMap: As the name makes clear, it maps the utilization of your physical memory: how much RAM the kernel or any other application uses.
- AccessChk: This is a great utility if you're an administrator because it tells you the permissions (r, w, x) that an account holds for a file, folder, registry, application, etc.
- ShellRunas: This utility lets you run programs as another user, under a different account.
- PsList: It is a process utility that lists statistics for all current processes, where you can view thread, memory, and process tree details.
- Disk2vhd: It creates a Virtual Hard Disk (VHD) version of your physical hard disk. These can be used in VMs (Hyper-V, Oracle VB, VMware).
- Process Monitor: This utility is a combination of two utilities, FileMon and RegMon. It is an advanced tool for monitoring process, file system, and registry activity in real time. With the help of this tool, people are able to investigate the internal behavior of a process.
We can also run Sysinternals Live at https://live.sysinternals.com/
I hope this will give you some insight into Sysinternals utilities. However, there are around 140 utilities available at https://docs.microsoft.com/en-us/sysinternals/, which are developed by Microsoft and are updated on a regular basis.

Wish you all the best with learning!