PaulDotCom mailing list archives

Sysinternals


From: josh.ciceraro at gmail.com (Josh Ciceraro)
Date: Sat, 13 Feb 2010 09:36:19 -0500

Thanks for the info.  I had never heard of the Windows Sysinternals
Administrator's Reference.  Guess I am buying 3 books this weekend!

On Sat, Feb 13, 2010 at 1:02 AM, Jody & Jennifer McCluggage <j2mccluggage at adelphia.net> wrote:

 I have the 4th edition and plan on picking up the 5th soon.  I have not
read it cover to cover (I am sure I would be much wiser in the ways of
Windows than I am if I would have!) but have found it to be a very valuable
resource into the workings of Windows.  You may want to start with the 5th and only get the
4th if you think it is necessary after you have finished the 5th. My
understanding is that the editions are cumulative and only drop out
information they think is old and does not have much relevance anymore (e.g.
Windows 3.1, NT 3.5, etc).

Another book that is particularly pertinent to this thread that you may
want to look into when it comes out is "Windows Sysinternals Administrator's
Reference", also authored by Mark
Russinovich <http://www.amazon.com/s/ref=ntt_athr_dp_sr_1?_encoding=UTF8&sort=relevancerank&search-alias=books&field-author=Mark%20Russinovich>.
This book was originally supposed to be out last fall but was unfortunately
delayed.  I think it now has a spring release date.  I will definitely be
picking up a copy.

Jody




 ------------------------------

From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Ciceraro
Sent: Friday, February 12, 2010 8:29 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Sysinternals



Another tool I like is streams.  You can use this to scan for alternate
data streams.  I found netcat on a box with this once.  On another note, has
anyone ever looked at any of the Windows Internals Books?  I am thinking
about buying the 4th
(http://www.amazon.com/Microsoft-Windows-Internals-4th-Server/dp/0735619174/ref=sr_1_2?ie=UTF8&s=books&qid=1265909914&sr=1-2)
and 5th
(http://www.amazon.com/Windows%C2%AE-Internals-Including-Windows-PRO-Developer/dp/0735625301/ref=sr_1_1?ie=UTF8&s=books&qid=1265909914&sr=1-1)
editions.

Thanks for the link to the malware analysis video.  I started watching it
last night and what little I saw I liked.  Gonna finish it today at work.
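The alternate-data-stream check mentioned above, done without streams.exe, as an added example that is not part of this thread: it uses the built-in `Get-Item -Stream` support (PowerShell 3.0 and later, NTFS volumes), builds a scratch directory holding one browser Zone.Identifier stream and one constructed hidden stream, and flags every stream that is not on an ignore list. The function name, directory and stream names are assumptions made for the demo.

```powershell
# Added example, not from the thread: list NTFS alternate data streams with
# built-in cmdlets (Get-Item -Stream, PowerShell 3.0+), the check streams.exe performs.
# All paths and stream names below are constructed for the demo.
function Find-AlternateDataStreams {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the browser "mark of the web": noisy and usually benign,
        # so it is reported but not flagged.
        [string[]] $IgnoreStreams = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # '*' returns every stream, including the unnamed default ':$DATA' stream
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                File       = $_.FileName
                Stream     = $_.Stream
                Length     = $_.Length
                Suspicious = ($IgnoreStreams -notcontains $_.Stream)
            }
        }
}

# Constructed demo tree: one benign download marker and one hidden payload stream
$root = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
try {
    $doc = Join-Path $root 'report.txt'
    Set-Content -LiteralPath $doc -Value 'quarterly numbers'
    Set-Content -LiteralPath $doc -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"
    # Stand-in for a binary stashed in a stream (the netcat case from the thread)
    Set-Content -LiteralPath $doc -Stream 'hidden.bin' -Value 'constructed payload bytes'

    $findings = Find-AlternateDataStreams -Path $root
    $findings | Format-Table -AutoSize
    # Only streams not on the ignore list are marked Suspicious
    $findings | Where-Object { $_.Suspicious } | ForEach-Object {
        "ALERT: $($_.File) carries unexpected stream '$($_.Stream)' ($($_.Length) bytes)"
    }
}
finally {
    Remove-Item -LiteralPath $root -Recurse -Force
}
```

Point `-Path` at a directory you want to audit (a user's Downloads or a web root, for instance) and extend `$IgnoreStreams` with any streams your own software legitimately writes.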


On Thu, Feb 11, 2010 at 8:52 PM, Tim Mugherini <gbugbear at gmail.com> wrote:

For those who forget your USB drive of tools while on the job

http://live.sysinternals.com/

Also, if you like the tools, I came across this Malware Analysis video
from Mark Russinovich (author of the Sysinternals suite) a couple of
years back. For those not familiar with the tools, it's definitely
worth a watch.

My personal fav tool/feature would be the dumping of strings from
volatile memory using Process Explorer.

Here's the video

http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359



On Thu, Feb 11, 2010 at 7:32 PM, Matthew Lye <lyematt at gmail.com> wrote:
I went and cached the site, especially all the source code.
Never know if MS is going to let a good thing keep going.
-Matthew Lye

You can do anything you set your mind to when you have vision,
determination, and an endless supply of expendable labor.
<No trees were harmed during this transmission. However, a great number of
electrons were terribly inconvenienced>


On Fri, Feb 12, 2010 at 6:41 AM, Jack Daniel <jackadaniel at gmail.com> wrote:

One thing MS did right when they bought Sysinternals was bundle all of
the tools in a single compressed file for easier download.

So, who else dropped everything a few years ago when the MS
acquisition of Sysinternals was announced and downloaded copies of
everything they could find?

Jack


On Thu, Feb 11, 2010 at 2:23 PM, Josh Ciceraro <josh.ciceraro at gmail.com> wrote:

I always put Process Explorer on all of my machines.  It puts the task
manager to shame.  Microsoft should be embarrassed.  Psexec is another
awesome tool.  I have just recently started using Process Monitor and the
information you can get from it is just awesome.

On Thu, Feb 11, 2010 at 1:34 PM, Butturini, Russell <Russell.Butturini at healthways.com> wrote:

Absolutely.  Sysinternals tools are the BEST for forensics,
troubleshooting, systems management... anything under the sun! I use
psinfo, psloggedon, pslist, listdlls, and logonsessions in my forensics
toolkit, and use Process Explorer as well when investigating malware.



________________________________

From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Tyler Robinson
Sent: Thursday, February 11, 2010 12:27 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Sysinternals



From both a white and grey hat perspective I love ERD Commander and
PsTools, especially psexec.  I would be lost without psexec.

On Feb 11, 2010 11:23 AM, "Josh Ciceraro" <josh.ciceraro at gmail.com> wrote:

Hello,

I was wondering if anyone here in the group uses any of the Sysinternals
tools and what are some favorites.  I really like Autoruns, Process
Explorer, and Process Monitor.  Disk2Vhd seems pretty promising, though I
haven't played with it yet.

--
kaizoku Josh

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com








--
kaizoku Josh





--
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com







--
kaizoku Josh





-- 
kaizoku Josh