SysInternal: A Tool for Every IT Administrator
I will not be surprised if you have no idea what Microsoft "Sysinternals" is. But it is not something you should miss if you're working as an administrator in Security/Networking/Linux.
I know it is good to know all the CMD commands, but sometimes you may get confused between them. If you're a beginner, you have to learn them, right?
So here Sysinternals comes into play. It is a collection of advanced system utilities. Sysinternals tools can do pretty advanced things without any hassle, and the whole set is only a few MB in size. You should go and explore some of the Sysinternals utilities that I have recommended below.
The Sysinternals Suite is the entire set of Sysinternals utilities in a single zip.
Now, let's get started...
- Process Explorer: This tool is similar to Task Manager but has a far longer list of features. We can view details about each process (CPU usage, PID, Verified Signer, Company Name) and check it against VirusTotal (a popular malware detection engine), and much more.
- TCPView: This tool is very useful for viewing the connections of each process. For example, we can see which process is using which port and which foreign address (IP and port number) it is connected to. It also shows the state of each connection and counts of the data packets sent or received.
- RamMap: As the name suggests, it maps the utilization of your physical memory, showing how much RAM the kernel or any other application uses.
- AccessChk: This is a great utility for an administrator, because it tells you the permissions (read, write, execute) an account holds on a file, folder, registry key, application, etc.
- ShellRunas: This utility lets you launch a program as another user, under a different account.
- PsList: This process utility lists statistics for all current processes, where you can view thread, memory and process-tree details.
- Disk2vhd: It creates a Virtual Hard Disk (VHD) version of your physical hard disk. These can be used in VMs (Hyper-V, Oracle VirtualBox, VMware).
- Process Monitor: This utility combines two earlier utilities, FileMon and RegMon. It is an advanced tool for monitoring process, file-system and registry activity in real time. With its help, people can examine the internal behavior of a process.
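The AccessChk entry above describes what the tool reports; the script below is an added example (not from the original post) of driving accesschk.exe from PowerShell for a hardening audit: it lists every directory under a root that the built-in "Users" group can write to, which is a common source of weak permissions on a server. The function name, the default root and the assumption that accesschk.exe is on the PATH are mine; the switches used (-accepteula, -u, -w, -q, -s, -d) are the tool's own.

```powershell
# Added example, not part of the original post.
# Assumes accesschk.exe (from the Sysinternals Suite) is on the PATH or passed via -ToolPath.
function Find-UserWritableDirectories {
    [CmdletBinding()]
    param(
        [string]$Root      = 'C:\Program Files',   # assumed default root to audit
        [string]$Principal = 'Users',              # group whose rights we are checking
        [string]$ToolPath  = 'accesschk.exe'
    )

    if (-not (Get-Command $ToolPath -ErrorAction SilentlyContinue)) {
        throw "accesschk.exe not found; download the Sysinternals Suite first."
    }

    # -accepteula : do not block on the license dialog when scripted
    # -u : suppress errors        -w : show only objects the principal can write to
    # -q : omit the banner        -s : recurse          -d : report directories only
    $lines = & $ToolPath -accepteula -uwqsd $Principal $Root 2>$null

    foreach ($line in $lines) {
        # accesschk prints one object per line, prefixed with the effective access,
        # e.g. "RW C:\Program Files\Example" or "W  C:\Program Files\Other".
        if ($line -match '^\s*(R?W)\s+(.+)$') {
            [pscustomobject]@{
                Access    = $Matches[1]
                Directory = $Matches[2].Trim()
            }
        }
    }
}

# Usage: list the findings, then confirm a hit with the full ACL from Get-Acl.
Find-UserWritableDirectories | Format-Table -AutoSize
# (Get-Acl 'C:\Program Files\Example').Access | Format-Table IdentityReference, FileSystemRights
```

On a default installation the function should return nothing for C:\Program Files; any directory it does report is worth checking with Get-Acl and tightening, since a non-admin user being able to modify a program's files is a classic integrity problem.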
We can also run the tools directly from Sysinternals Live at https://live.sysinternals.com/
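Because Sysinternals Live serves each tool as a bare executable over the web, it is worth verifying what you downloaded before running it. The following is an added example (not from the original post) that fetches one tool from https://live.sysinternals.com/ and refuses to run it unless its Authenticode signature is valid and issued to Microsoft Corporation. The function name, the destination folder and the choice of pslist.exe as the tool are assumptions; the URL pattern is Sysinternals Live's own.

```powershell
# Added example, not part of the original post.
# Assumes an internet connection to live.sysinternals.com.
function Get-SysinternalsTool {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Name,                 # e.g. 'pslist.exe'
        [string]$Destination = "$env:TEMP\Sysinternals"      # assumed download folder
    )

    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $target = Join-Path $Destination $Name

    # Sysinternals Live exposes every tool as https://live.sysinternals.com/<name>
    Invoke-WebRequest -Uri "https://live.sysinternals.com/$Name" -OutFile $target -UseBasicParsing

    # Refuse to use the binary unless it carries a valid Microsoft Authenticode signature.
    $sig    = Get-AuthenticodeSignature -FilePath $target
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        Remove-Item $target -Force -ErrorAction SilentlyContinue
        throw "Signature check failed for $Name (status: $($sig.Status), signer: $signer)"
    }

    Get-Item $target
}

# Usage: fetch PsList, then run it non-interactively with the EULA pre-accepted.
$pslist = Get-SysinternalsTool -Name 'pslist.exe'
& $pslist.FullName -accepteula -t    # -t prints the process tree
```

The same signature check applies to any binary you pull from a download site: a valid signature from the expected publisher is the cheapest way to catch a tampered or mirrored copy before it runs with your administrative rights.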
I hope this gives you some insight into the Sysinternals utilities. There are around 140 utilities available at https://docs.microsoft.com/en-us/sysinternals/, developed by Microsoft and updated on a regular basis.
Wish you all the best with learning!