Yes, I know that, I was just wondering about the 12 GB of Win11; that seems absurd to me. I'm going to play around with Sysinternals again to examine my PC.
Best Tools to Investigate Computer Security Incidents Part 2:
1. Sysinternals Suite - Windows system analysis.
2. YARA - Malware detection rules.
3. TheHive - Incident case management.
4. Velociraptor - Endpoint investigation.
Microsoft's engineers are sometimes genuinely competent. WSL, Dev Toys, PowerToys, Sysinternals and so on.
WSCC 10.0.3.8 (English) (13/06/2026) gratilog.net/xoops/modules/m… launcher for the Nirsoft and Windows Sysinternals utilities #freeware
@Sysinternals are you planning an Apple Mac version of Zoomit?
Sysinternals: Autoruns 14.2, ProcDump 12.0, ZoomIt 12.0 and many other tools get an update [Update] deskmodder.de/blog/2026/06/1…
Replying to @XenoPanther
Task Manager annoyingly sanitises results (you'll need Sysinternals Procmon); there are also many flavours and builds, and I doubt everyone is on the latest. RAM spikes caused by MS are usually Defender or Windows Update. 🤷
Active Directory & Internal Network
Join my tg for more information t.me/rootacessacademy
1. Impacket - A powerful collection of Python scripts for interacting with and attacking Windows network protocols.
2. BloodHound - Uses graph theory to reveal the hidden and often unintended relationships and attack paths within an Active Directory environment.
3. CrackMapExec - The ultimate swiss-army knife for automating the assessment of large Active Directory networks.
4. NetExec - The actively maintained fork of CrackMapExec, keeping the AD pentesting automation alive and updated.
5. Certipy - An all-in-one tool for enumerating and abusing vulnerable Active Directory Certificate Services (AD CS).
6. Rubeus - A C# toolset for raw Kerberos interaction and abuses, perfect for ticket manipulation and attacks.
7. SharpHound - The official C# data collector for BloodHound, designed to quickly map out AD trust relationships and ACLs.
8. PowerView - A premier PowerShell tool for gaining detailed situational awareness and reconnaissance on Windows domains.
9. Kerbrute - A fast and efficient tool to brute-force and enumerate valid Active Directory usernames via Kerberos pre-authentication without triggering lockouts.
10. ADExplorer - A lightweight Sysinternals tool for browsing and dumping Active Directory data without needing elevated privileges.
11. Group3r - A specialized tool for finding vulnerabilities, secrets, and misconfigurations in Active Directory Group Policies (GPOs).
Jun 7
In the Windows kernel, we have many ways to communicate between two unrelated drivers. One of the effective ways, I believe, is with Callback objects, like a producer-consumer model. It's simple and straightforward.

One driver creates the Callback Object with the name "\\Callback\<name>" by using ExCreateCallback(). Once the callback is created, this driver can effectively notify the consumers using ExNotifyCallback(). You can use WinObj (Sysinternals tools) to see the callbacks list.

The other driver can register for the notifications using ExRegisterCallback(). The callback routine is simple:

VOID MyCallback( PVOID Context, PVOID Argument1, PVOID Argument2 );

I found this method to be very simple to implement and maintain.
EtherRAT brought blockchain-backed C2 into this intrusion. A malicious MSI masquerading as Sysinternals RAMMap deployed EtherRAT, which used EtherHiding to retrieve Ethereum-hosted C2 config updates before pivoting to TryCloudflare infrastructure. Full report: thedfirreport.com/2026/05/11… #DFIR #ThreatIntel #DigitalForensics
Malware Analysis
1. Volatility - Memory forensics framework for extracting digital artifacts from RAM dumps
2. Volatility3 - Next-generation rewrite of Volatility with improved plugin architecture and Python 3 support
3. Radare2 - Reverse engineering framework also widely used for malware static/dynamic analysis
4. YARA - Pattern-matching tool for identifying and classifying malware samples based on textual or binary signatures
5. Cuckoo Sandbox - Automated sandbox system for dynamic malware analysis in isolated environments
6. CAPE Sandbox - Cuckoo fork with enhanced capabilities for detecting modern threats and config extraction
7. FLOSS - Automatic string extractor for malicious binaries; finds hidden/obfuscated strings without full decompilation
8. Procmon (Process Monitor) - Windows utility from Microsoft for real-time monitoring of file system, registry, and process activity
9. Autoruns - Microsoft Sysinternals tool for inspecting Windows auto-start locations and persistence mechanisms
10. PEStudio - Static analysis tool for Windows PE files; highlights suspicious indicators without executing the sample
11. Detect It Easy (DiE) - File identifier for detecting packers, compilers, linkers, and file signatures
12. Exeinfo PE - PE file analyzer for identifying packers, compilers, and entry point characteristics
#Analysis #Malware #Windows #Tools #InfoSec #CyberSecurity #ReverseEngineering #ThreatIntel #MalwareResearch #SecurityTools #Forensics #BlueTeam #RedTeam #MrRobot #CyberSec
Today, live from South Korea, we have a presentation by Hakai, with João Pedro Tricta.

Zygote is Android's first process and the template for every app. Its privileged position makes it ideal for system-level injection that can bypass SELinux restrictions. This talk breaks down the end-to-end injection chain, from loader stages to Zygote and process-spawn propagation, then demos my own native and Dalvik (DEX) hooking approach as an alternative to attach-based tools and for research into bypassing RASP protections.

João Pedro Tricta is a 20-year-old Brazilian security researcher, malware developer, and Client Applications Squad Leader at Hakai Offensive Security. Passionate about Sysinternals, reverse engineering, low-level internals, and client-side applications, he lives deep in debuggers and disassemblers. When he's not coding or breaking things, he's gaming, hanging out with cats, and eating an unreasonable amount of pizza.

LinkedIn: linkedin.com/in/joão-pedro-…
Instagram: @_tricta
Date: 28/05/2026 - Brasília time 22:45
Agenda: typhooncon.com/2026-agenda/
May 26
Replying to @InfZakladowy
Sysinternals and procexp, the best 😎💪👍