Sysinternals
Sigcheck
Sigcheck is a command-line utility tool from Sysinternals that displays detailed information about digital signatures, file versions, and other metadata for files on Windows systems. It can be used to verify the integrity of system files and identify potentially malicious files on a system.
sigcheck -u -e [directory of choice]
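The command above asks Sigcheck for unsigned files only (-u) among executable images (-e). The following PowerShell script is an added example, not code from the original page or from Sysinternals: it runs Sigcheck in CSV mode so the results become objects, then tallies the verification results and lists the executables that did not verify. It assumes sigcheck.exe (or sigcheck64.exe) is on PATH, and the directory path is a placeholder.

```powershell
# Added example, not part of the original page: run Sigcheck over a directory in
# CSV mode and summarise which executables carry a valid signature.
# Assumes sigcheck.exe (or sigcheck64.exe) is on PATH; the directory is a placeholder.

function Get-SigcheckReport {
    param(
        [Parameter(Mandatory)] [string] $Directory,
        [switch] $Recurse
    )
    # -c  CSV output (the first line is a header, so ConvertFrom-Csv yields objects)
    # -e  scan executable images regardless of file extension
    # -h  include file hashes, useful when pivoting to other tooling
    # -s  recurse into subdirectories
    $sigArgs = @('-accepteula', '-nobanner', '-c', '-e', '-h')
    if ($Recurse) { $sigArgs += '-s' }
    $sigArgs += $Directory
    & sigcheck.exe @sigArgs | ConvertFrom-Csv
}

# Placeholder directory; point this at the tree you want to audit
$report = Get-SigcheckReport -Directory 'C:\Program Files\ExampleApp' -Recurse

# Sigcheck's Verified column reads "Signed" for a valid chain; anything else
# ("Unsigned", or an error such as a revoked or expired certificate) merits a look.
$unsigned = $report | Where-Object { $_.Verified -ne 'Signed' }

# Tally the verification results to see the shape of the directory at a glance
$report | Group-Object Verified | Select-Object Name, Count | Format-Table -AutoSize

# Triage list: path, why it failed verification, and who claims to have published it
$unsigned | Select-Object Path, Verified, Publisher, Company, 'File Version' |
    Format-Table -AutoSize

# Keep the list for the case file
$unsigned | Export-Csv -NoTypeInformation -Path '.\sigcheck-unsigned.csv'
```

Unlike the page's -u invocation, which makes Sigcheck print only the unsigned files itself, this collects every executable and filters in PowerShell, so the ratio of signed to unsigned files is visible as well. If the captured CSV looks like spaced-out characters, the tool switched to UTF-16 output when its stdout was redirected; setting [Console]::OutputEncoding to [System.Text.Encoding]::Unicode for the duration of the call fixes the decoding.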
Streams
Alternate Data Streams (ADS) on Windows are a feature that allows additional data to be stored in a file's metadata. This data can be invisible to most users and can be used to hide information or execute malicious code. The streams can be accessed using a filename syntax that includes a colon and a stream name after the filename.
Streams is the Sysinternals command-line tool that lists and manages alternate data streams on Windows. It allows users to view, create, and delete alternate data streams and can be used to detect and investigate potentially malicious streams on a system.
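The filename:stream syntax and the investigation workflow described above can be exercised directly from PowerShell, whose FileSystem provider exposes the same stream data that streams.exe reports. The script below is an added example, not code from the original page or from Sysinternals: it creates a throwaway file with a constructed alternate data stream, enumerates the streams the way an investigator would sweep a directory, reads one back, and then removes it. It assumes the temp directory sits on an NTFS volume, which is where streams live.

```powershell
# Added example, not part of the original page: enumerate, read and remove
# alternate data streams with PowerShell's -Stream parameters.
# Assumes $env:TEMP is on an NTFS volume; the file and stream below are constructed.

$dir  = Join-Path $env:TEMP 'ads-demo'
$null = New-Item -Path $dir -ItemType Directory -Force
$demo = Join-Path $dir 'report.txt'

Set-Content -Path $demo -Value 'visible content'                    # the default :$DATA stream
Set-Content -Path $demo -Stream 'hidden.txt' -Value 'hidden note'   # constructed ADS for the demo

# Every stream on the file, including the default one (Length is per stream)
Get-Item -Path $demo -Stream * | Select-Object FileName, Stream, Length

# Sweep a directory for non-default streams only; this is the usual triage view.
# Zone.Identifier is the mark-of-the-web on downloaded files and is expected;
# other stream names, especially on large or executable content, deserve a look.
Get-ChildItem -Path $dir -File -Recurse -ErrorAction SilentlyContinue |
    Get-Item -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object FileName, Stream, Length

# Read a stream's content using the colon syntax described above
Get-Content -Path $demo -Stream 'hidden.txt'

# Remove a single stream without touching the file's main content
Remove-Item -Path $demo -Stream 'hidden.txt'
Get-Item -Path $demo -Stream * | Select-Object Stream        # only :$DATA remains

Remove-Item -Path $dir -Recurse -Force                        # clean up the demo
```

The streams.exe equivalents are streams -s <directory> to list streams recursively and streams -d <file> to delete them; dir /r in cmd.exe also shows them. Note that streams.exe does not create streams, so the Set-Content calls above stand in for whatever wrote the stream in the first place.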
Tcpview
TCPView is a utility tool from Sysinternals that provides real-time information about active TCP and UDP network connections on a Windows system. It can be used to monitor network activity, identify processes that are initiating network connections, and view detailed information about each connection, such as local and remote IP addresses, ports, and the status of the connection.
Autoruns
Autoruns is a powerful utility tool from Sysinternals that displays all the programs and services configured to run automatically on a Windows system during startup. It provides a comprehensive view of all auto-start locations, including the Registry, Startup folder, and scheduled tasks, and allows users to disable or remove unwanted or malicious entries that can slow down the system or compromise security.
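Because Autoruns enumerates every auto-start location in one pass, the standard defensive use is to baseline a known-good machine and later diff a fresh capture against it, so only new or changed entries need review. The script below is an added example, not code from the original page or from Sysinternals: it drives the console version, autorunsc.exe, which it assumes is on PATH, and the column names it compares on ('Entry Location', 'Entry', 'Image Path', 'Launch String', 'Signer') are taken from autorunsc's own CSV header, so check the first line of the output if your version names them differently.

```powershell
# Added example, not part of the original page: capture an Autoruns baseline with
# autorunsc.exe and diff a later capture against it to surface new or removed
# auto-start entries. Assumes autorunsc.exe (or autorunsc64.exe) is on PATH and
# that the CSV header contains the column names used below.

function Export-AutorunsSnapshot {
    param([Parameter(Mandatory)] [string] $Path)
    # -a *      all entry categories (Registry run keys, services, scheduled tasks, ...)
    # -c        CSV output
    # -s        verify digital signatures, which fills the Signer column
    # -nobanner keeps the first line of output as the CSV header
    & autorunsc.exe -accepteula -nobanner -a '*' -c -s |
        Out-File -FilePath $Path -Encoding utf8
}

function Compare-AutorunsSnapshots {
    param(
        [Parameter(Mandatory)] [string] $Baseline,
        [Parameter(Mandatory)] [string] $Current
    )
    $old = Import-Csv -Path $Baseline
    $new = Import-Csv -Path $Current
    # An entry's identity is where it lives, what it is called and what it launches.
    # The Time column changes between runs, so it is deliberately not part of the key.
    $keys = 'Entry Location', 'Entry', 'Image Path', 'Launch String'
    Compare-Object -ReferenceObject $old -DifferenceObject $new -Property $keys -PassThru |
        Select-Object @{ Name = 'Change'; Expression = {
                             if ($_.SideIndicator -eq '=>') { 'added' } else { 'removed' } } },
                      'Entry Location', 'Entry', 'Image Path', 'Signer'
}

# Day 0: baseline a machine that is believed clean
Export-AutorunsSnapshot -Path '.\autoruns-baseline.csv'

# Later: snapshot again and review only what changed; an added entry whose
# Signer is "(Not verified)" or whose Image Path points at a user-writable
# location is the first thing to examine.
Export-AutorunsSnapshot -Path '.\autoruns-now.csv'
Compare-AutorunsSnapshots -Baseline '.\autoruns-baseline.csv' -Current '.\autoruns-now.csv' |
    Format-Table -AutoSize
```

A modified entry (same location and name, different launch string) shows up as one removed row and one added row, which is exactly what you want when looking for a replaced binary. As with Sigcheck, if the saved CSV looks like spaced-out characters the tool wrote UTF-16 to the redirected pipe; set [Console]::OutputEncoding to [System.Text.Encoding]::Unicode around the call.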
Process Explorer
Process Explorer is a powerful utility tool from Sysinternals that displays detailed information about running processes and system resources on a Windows system. It provides a comprehensive view of system activity, including CPU, memory, disk, and network utilization, and allows users to explore the relationships between processes and view detailed information about each process, such as loaded DLLs, open files, and network connections. The colour coding in the process list means:
Purple: files may be packed
Red: the process is exiting
Green: the process was just loaded
Light blue: the process was started by the same account that started the explorer.exe process
Dark blue: the process is selected (GUI)
Pink: the process is a service
Grey: the process is suspended
Process Monitor
Process Monitor is a powerful utility tool from Sysinternals that captures real-time system activity, including file system, registry, process, and network activity, on a Windows system. It allows users to troubleshoot and diagnose a wide range of system issues, such as application errors, file permission problems, and malware infections.
Psexec
PsExec is a command-line utility tool from Sysinternals that allows users to execute processes on remote systems as if they were running locally. It provides a powerful and flexible way to manage remote systems and automate administrative tasks, such as running scripts, installing software, and performing system maintenance.
WinObj
WinObj is a powerful utility tool from Sysinternals that displays information about Windows objects, such as processes, threads, modules, file handles, and registry keys, on a Windows system. It allows users to explore the Windows object namespace and view detailed information about each object, such as security permissions, attributes, and relationships to other objects.
RegJump
RegJump is a command-line utility tool from Sysinternals that allows users to quickly navigate to a specific registry key in the Windows Registry. It provides a convenient way to jump to a desired location in the registry without having to navigate through the registry hierarchy manually.
Strings
Strings is a command-line utility tool from Sysinternals that searches for and extracts ASCII and Unicode strings from binary files, such as executables, DLLs, and other types of files, on a Windows system. It helps users to identify and extract relevant text strings from binary files, which can be useful for various purposes, such as malware analysis and reverse engineering.