Malware Hunting with the Sysinternals Tools

NSG001
Nov 21, 2011

This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. Mark Russinovich demonstrates their malware-hunting capabilities by presenting several real-world cases that used the tools to identify and clean malware, and concludes by performing a live analysis of a Stuxnet infection’s system impact.

Interesting Viewing :)
 
Note: Playing the video inside the browser requires Silverlight, but you also have the option to download the video to your PC if you don't have Silverlight installed.

There is also a PDF file available from sysinternals.com that presents the same topic.

An interesting fact: Often, when you kill a malicious process it starts right back. In this case it is much better to suspend malicious processes, since killing them might cause another malicious process to start them back up.
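The suspend-before-kill idea above in script form, as an added example that is not part of the original post or of the Sysinternals talk. It calls the same ntdll NtSuspendProcess routine that Process Explorer's right-click Suspend (and the PsSuspend tool) use, freezes every instance of a set of image names, re-scans for siblings a watchdog may have spawned, and only terminates once nothing new appears. The process names in $SuspectNames are constructed placeholders, not real indicators, and the script assumes an elevated PowerShell session on Windows.

```powershell
# Added example, not from the video or the thread: freeze a respawning family of
# processes, confirm they are frozen, then kill them all at once.
# Assumes an elevated session; NtSuspendProcess needs PROCESS_SUSPEND_RESUME on the target.

Add-Type -Namespace Win32 -Name NtProc -MemberDefinition @'
[DllImport("ntdll.dll")] public static extern int NtSuspendProcess(IntPtr hProcess);
[DllImport("ntdll.dll")] public static extern int NtResumeProcess(IntPtr hProcess);
'@

function Get-SuspectProcesses {
    param([string[]]$Names)
    # Get-Process matches the image name without the ".exe" suffix
    Get-Process -Name $Names -ErrorAction SilentlyContinue
}

function Suspend-ProcessById {
    param([int]$Id)
    $p = Get-Process -Id $Id -ErrorAction Stop
    # Process.Handle opens the target with PROCESS_ALL_ACCESS, which includes PROCESS_SUSPEND_RESUME
    $status = [Win32.NtProc]::NtSuspendProcess($p.Handle)
    if ($status -ne 0) {
        throw ("NtSuspendProcess failed for PID {0}: NTSTATUS 0x{1:X8}" -f $Id, $status)
    }
}

function Test-ProcessSuspended {
    param([int]$Id)
    $p = Get-Process -Id $Id -ErrorAction Stop
    $p.Refresh()
    # Every thread of a suspended process sits in a Wait state with reason Suspended;
    # ThreadState is checked first because WaitReason is only valid while waiting
    $waiting = @($p.Threads | Where-Object { $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended' })
    return ($waiting.Count -eq $p.Threads.Count)
}

function Invoke-SuspendThenKill {
    param([string[]]$Names, [int]$MaxRounds = 5)
    $frozen = @{}
    # Each round suspends every live instance and re-scans. A watchdog that respawns
    # a sibling shows up as a new PID and is frozen in the next round; when a scan
    # turns up nothing new, the whole family is frozen and nobody can restart anybody.
    for ($round = 1; $round -le $MaxRounds; $round++) {
        $new = @(Get-SuspectProcesses $Names | Where-Object { -not $frozen.ContainsKey($_.Id) })
        if ($new.Count -eq 0) { break }
        foreach ($p in $new) {
            try {
                Suspend-ProcessById $p.Id
                $frozen[$p.Id] = $p.ProcessName
                Write-Host ("round {0}: suspended {1} (PID {2})" -f $round, $p.ProcessName, $p.Id)
            } catch {
                # the process exited between the scan and the suspend call; skip it
                Write-Warning ("PID {0} could not be suspended: {1}" -f $p.Id, $_.Exception.Message)
            }
        }
    }
    foreach ($id in @($frozen.Keys)) {
        if (-not (Test-ProcessSuspended $id)) { Write-Warning ("PID {0} is not fully suspended" -f $id) }
    }
    # Only now terminate: with every member frozen, none of them can react to the kill
    foreach ($id in @($frozen.Keys)) { Stop-Process -Id $id -Force -ErrorAction SilentlyContinue }
    Start-Sleep -Seconds 2
    $back = @(Get-SuspectProcesses $Names)
    if ($back.Count -gt 0) {
        Write-Warning ("respawned after kill: " + (($back | ForEach-Object { "$($_.ProcessName):$($_.Id)" }) -join ', '))
    } else {
        Write-Host ("no instances of {0} remain" -f ($Names -join ', '))
    }
    return ($back.Count -eq 0)
}

# Constructed sample: placeholder image names standing in for a respawning pair
$SuspectNames = @('badsvc', 'badwatchdog')
Invoke-SuspendThenKill -Names $SuspectNames
```

If the final scan still reports instances, something outside the frozen set is restarting them (a service, a scheduled task, a WMI subscription or another autostart entry), which is exactly where Autoruns comes in next. NtSuspendProcess is undocumented but has been stable across Windows versions; PsSuspend from the Sysinternals suite (pssuspend.exe <pid>, and pssuspend -r <pid> to resume) is the supported way to do the same thing from a command prompt.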
 
Yes, some small free tools combined together do a better job than some paid apps.
 
Excellent video, just finished watching it. I underestimated the power of the Sysinternals tools and now I have the craving to go into a clean virtual machine, infect it, and then use the Sysinternals tools to test all the features Mark showed.

Anyone have a copy of Flame by the way? /sarc

Unless you've already seen this or another presentation of the Sysinternals tools, I recommend you watch it.

Thanks for the share. :)
 
I saw it too, very informative.

Check Malware Hubs for Flame