
What is Windows SysInternals | How to use Windows SysInternals tools | what is sysinternals

This is a short video of only 25 minutes, but it will give you a very good idea about a set of tools that is very effective, yet many people do not know about it. It used to be called PsTools and was later renamed to Windows Sysinternals when Microsoft acquired it.

These are some very good tools that can be used for malware analysis and DFIR-related activities. They can also be used for system/network-related troubleshooting.

Special thanks to Syed Hasan, who put a lot of time and effort into creating this short video for us. We hope that you will find it very useful.

The session slide deck in PDF format can be downloaded from our website using the link given below. Just look for the section GISPP – How to use Windows SysInternals Tools Slide Deck.

bit.ly/GisppGuides

A video breakdown of the tools discussed in the video is given below.

00:00 - 02:26 What is Microsoft's Sysinternals
02:27 - 05:25 ProcessExplorer
05:26 - 08:33 Procmon
08:34 - 10:42 Sysmon
10:43 - 12:45 AutoRuns
12:47 - 13:58 PsExec
13:59 - 15:20 TcpView
15:21 - 17:53 PsLoggedOn, LogonSessions
17:54 - 20:07 sDelete (Secure Delete)
20:08 - 22:57 Sigcheck
22:58 - 25:57 Streams

Tools can be downloaded from this site.
docs.microsoft.com/en-us/sysinternals/downloads/

Speaker's Profile:
=============

Syed Hasan has considerable experience with major SIEM solutions like IBM's QRadar, Microsoft's Azure Sentinel, and AV's USM; EDR solutions like VMWare's Carbon Black and CrowdStrike Falcon; and cloud security solutions like AWS GuardDuty. He is also part of an Incident Response team, with sufficient experience in host forensics and cloud forensics to respond to threats in a timely manner. As part of his forensics experience, he has good experience in malware analysis, with a continuing focus on reverse-engineering malware.

LinkedIn:
www.linkedin.com/in/syedhasan009/

About GISPP
===========
It is an effort by GISPP (Global Information Security Society for Professionals of Pakistan). GISPP was initiated in 2016 by a group of Pakistani information security professionals living and working in Saudi Arabia. You can follow us on the social media links mentioned on our Channel Page.

#SysInternals #DFIR #ProcessExplorer #GISPP #GisppAcademy #GisppTraining #Cybersecurity #Informationsecurity
