Hunting Malware with Windows Sysinternals - Process Explorer

In the last decade we've seen a surge in malware activity, from targeted attacks like Stuxnet to ransomware like WannaCry and many more in recent years. To face threats like these, malware analysts must be able to identify malware as quickly as possible when analyzing infected machines or doing dynamic analysis.

An initial assessment must be done to determine whether something is malicious or not, and tools like pestudio or VirusTotal can be used to make a quick static assessment of malware samples. But in cases where we're analyzing machines that were already infected with malware, or we're doing some dynamic analysis, tools like Process Explorer or Autoruns from Windows Sysinternals are the go-to solution to get started.

The Sysinternals tools were created by Mark Russinovich and Bryce Cogswell. They were initially conceived and developed to help administrators and developers in their work, but over the years multiple capabilities have been added and tools have been created to aid malware analysts in finding malicious behavior. The Sysinternals suite contains more than 70 tools; in this malware series we'll be taking a look at three in particular: Process Explorer, Procmon and Autoruns.

In this first part we will be focusing on Process Explorer and how to leverage its functionalities to hunt for suspicious processes and malware.