Windows sysinternals

Windows Sysinternals is a set of tools and advanced system utilities developed to help IT professionals manage, troubleshoot, and diagnose the Windows operating system in advanced topics.

The Sysinternals Suite includes:

  • Disk management

  • Process management

  • Networking tools

  • System information

  • Security tools

While built-in and Sysinternals tools are helpful for system administrators, these tools are also used by hackers, malware developers, and pentesters due to the inherent trust they have within the operating system.

Due to the increase of adversaries and malware creators using these tools nowadays, the blue team is aware of possible malicious uses and has implemented defensive controls against most of them.