Time
4 hours 51 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:00
Now we're gonna talk about tools. We're gonna spend a little bit of time in our VM. So, if you ask 10 sysadmins what tools you need, you will get 10 answers, and they will be different. That being said, again, my experience as a sysadmin was almost exclusively working with Windows systems. So the tools I selected today are tools that I'm very familiar with from that perspective.
00:19
We're gonna talk about them kind of briefly, and we're gonna spend some time in the VM looking at them. So Sysinternals is not actually a tool. It's a suite of tools. It's a ton of tools. I actually was going to demonstrate, was gonna include all of the names on this slide, and it was about three times the height of the slide.
00:34
It is a massive list, and the reason for that is because Sysinternals didn't... They started out as basically, I think it was Russinovich who created them, as basically just these quality-of-life improvements to find out information from underneath the hood of Windows without having to go through, you know, the command line and do all this really complex work.
00:52
So he created these tools just to identify information about it, so AccessChk, AccessEnum, see what disks are loaded, see what disk is being used, seeing, you know, how your hard drive usage looks, which is what Disk Usage (du) actually is.
01:04
Just all sorts of information. We're gonna look at a couple of them right now.
01:08
So here, you see what I see? If I could bring it back up here, you see my Windows 10 VM. Again, this is a really fantastic thing that Windows provides for use for building apps and just designing, these free VMs.
01:19
You've got the Sysinternals suite again. You can see it's just this crazy long list. And we're gonna do, we're gonna pop open a shell here,
01:29
minimize that, we're gonna pop open the shell here. We're gonna have a look at a few of these from that perspective. So, and I like the background, just to interject real quick, the background is actually from The Golden Compass. If any of you, if you've not read that book, it is absolutely fantastic. Book
01:44
just
01:45
for a fungi toe
01:48
Completely relevant. Absolutely. It's my favorite, but books and desktop backgrounds are a critical component. All right, I'm gonna have to do this a little bit differently because I created a link that did not want to do what I wanted.
02:01
Users, I think I got started here.
02:06
No, stop that.
02:08
So what I was doing there, I was gonna touch on the fact that you need to be adaptable as well in this assignment. So, you know, as Joe just kind of mentioned, like, something wasn't working or the link didn't work, you know, and he just kind of adapted immediately and started, you know, going through the process of fixing the issue. So especially if you want to teach people live courses, things always go wrong.
02:29
It's very important to be able to kind of roll with that punch and play around with it.
02:32
So let's give a good example here of something that is
02:37
a Linux utility that got ported over to Windows to do that.
02:40
So first we're gonna clear the screen a little bit,
02:44
we'll maximize this and zoom in so that you all can see.
02:47
So I see one question real quick from Vincent, who asks: is Sysinternals open source, or is it internal? Sysinternals is completely free. You can download it if you just Google search "Sysinternals". It was originally developed by, I believe it was Russinovich. Microsoft actually bought all of the ownership of it and took over it
03:07
specifically because it's such a phenomenal tool suite that they just wanted to own it and be able to provide it.
03:12
So it's completely free. You can download the entire suite, or download specific components of it, or individual executables. Whatever you need to do,
03:19
I'm gonna zoom that just a little bit more.
03:23
That font is very big.
03:25
Try 36. Do you promise, Joe, that we're not actually hacking, like, the government systems right now? We promise nothing, ever. So PsList. PsList is just a process listing tool. It works very similarly to the Windows command that, you know, is tasklist, if you know that command. So we'll show you that one first, actually, to give you a sense. Tasklist
03:44
shows you all of your running programs and it gives you a little bit of information about them. It shows you their memory usage, their process ID, session name, session number.
03:52
So that's the built-in Windows tool,
03:55
the Windows Sysinternals one here that we have is PsList.
04:00
Now you can see it shows us some of the same stuff, but also gives us a little bit more information. For example, some of these functions that were, some of these processes that weren't being displayed by your tasklist. It basically, not to get too technical about how it works, but essentially it hooks in at a lower level than tasklist does, and so it sees processes that may not be displayed by tasklist.
04:19
It also, as you can see, gives a little bit more information about them.
04:23
It gives you a priority, privilege. It gives all sorts of data about that, their CPU usage. So it's a very useful tool that's very simple to use, and you can use it, once you've integrated it, it works just like tasklist does. Now, to show you a more graphical tool, a little bit more dramatic-looking tool.
04:40
Which one are we up to here?
04:43
Autoruns. So Autoruns
04:46
does pretty much what it sounds like. What Autoruns does is it actually displays all of the programs and all of the executables that are designed to run automatically when your computer logs in.
04:56
So here we see Sysinternals Autologon, or Autoruns, rather.
05:00
Now you've got all these autorun entries that are being displayed, and we're gonna talk about those very briefly. Now, this HKLM\Software\Classes, this is called a registry key,
05:08
and we're not gonna get super into how the registry works right now, because that's the subject of the Windows course, but essentially what's happening is Autoruns is going into this giant storage center, this big database of basically all the processes and all the controls that Windows has implemented, and it's finding all of the keys that correspond to running automatically,
05:25
and it's pulling all of those up and displaying them to you.
05:28
This is something that I've used very often when I'm hunting for viruses or when I'm hunting for malware: finding, okay, this is starting automatically. I don't know what it is. I can look that up, but I can identify, okay, this is a problem. This is a dangerous tool, it's doing something I don't want it to do.
05:41
It's a very easy display. You don't have to know how to use the command line for it. You've got all sorts of information with Logon, Explorer. It's slow to load because, in fact, we're on a VM while also doing a video camera.
05:51
Um,
05:53
but that's the general, you know, that's the way it's designed to work.
05:57
So you've got your scheduled tasks here, which are really important. A lot of malware will add itself to the scheduled tasks, so being able to identify it pretty easily.
06:04
You've got drivers, codecs, all sorts of information,
06:08
and this is again just one of the many tools that's in the Sysinternals suite. The Sysinternals suite is massive.
06:14
Unfortunately, because of the fact that we do have time limits on this video, we're not gonna be able to go through all of these. But I highly, highly recommend that when you pull down this VM, you also pull down Sysinternals and just mess with all of them,
06:23
and the Windows documentation for those is also very solid.
06:26
Now, the next one we actually already showed you, which is PowerShell. Now, PowerShell is a command prompt. It's built on top of the Windows native command prompt. It has some Linux commands, some better scripting and a bunch of quality-of-life upgrades. This behind the folder there, this is PowerShell. So ls, which is a Linux command, is implemented to work in Windows with that,
06:46
uh, Peter de
06:47
all sorts of things. One of the nice things, if you're someone like me who bounces between Windows and Unix systems a lot,
06:53
you often make the cls/clear mistake,
06:56
which is to say cls is the Windows way to clear the screen
06:59
and clear is the Linux way.
07:00
What's awesome is that with PowerShell both of those work. So this doesn't matter to 99% of people, but I can tell you from my experience as a sysadmin that is my greatest nuisance, and the fact that PowerShell solves that
07:12
converted me instantly the first time I used it.


Instructed By

Joe Perry
Senior Technical Instructor at FireEye, Inc

Ken Underhill
Master Instructor at Cybrary