Updates: Handle v4.0. Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03

Handle v4: Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes. ProcDump v7.01: This release fixes several bugs, including one…


Updates: Autoruns v12.02, Coreinfo v3.31, Sysmon v1.01, Whois v1.12

Autoruns v12.02: This fixes a bug that could cause Autoruns to crash on startup, updates the image path parsing for Installed Components to remove false positive file-not-found entries, and correctly reports image entry timestamps in local time instead of UTC. Coreinfo v3.31: This update fixes a bug that could prevent the Coreinfo driver from…


New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03

Sysmon v1.0: We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems, you can collect and analyze these events to identify the presence of attackers,…
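The three event types the announcement lists land in the Microsoft-Windows-Sysmon/Operational channel as event IDs 1 (process create), 2 (file creation time changed) and 3 (network connection). The PowerShell below is an added example, not code from the post or from Sysinternals: it flattens those events into objects and runs three triage queries. The channel name and IDs are Sysmon's documented values; the EventData field names (Image, CommandLine, DestinationIp, TargetFilename and so on) follow the current Sysmon event schema and are assumed to match the v1.0 output.

```powershell
# Added example (not from the Sysinternals post): read Sysmon events 1/2/3
# from the event log and flatten them into objects for filtering or export.
# Assumption: EventData field names follow the current Sysmon schema.
$LogName = 'Microsoft-Windows-Sysmon/Operational'

# Sysmon v1.0 event IDs: 1 = process create, 2 = file creation time changed,
# 3 = network connection
$EventNames = @{ 1 = 'ProcessCreate'; 2 = 'FileCreateTimeChanged'; 3 = 'NetworkConnect' }

function Get-SysmonEvent {
    param(
        [int[]]$Id = @(1, 2, 3),
        [int]$MaxEvents = 500
    )
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Sysmon writes its fields as <Data Name="...">value</Data> under EventData
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            $dest = $null
            if ($data['DestinationIp']) { $dest = "$($data['DestinationIp']):$($data['DestinationPort'])" }

            [pscustomobject]@{
                Time    = $_.TimeCreated
                Type    = $EventNames[$_.Id]
                Image   = $data['Image']
                Parent  = $data['ParentImage']              # event 1 only
                Command = $data['CommandLine']              # event 1 only
                Hashes  = $data['Hashes']                   # event 1 only
                Dest    = $dest                             # event 3 only
                Target  = $data['TargetFilename']           # event 2 only
                NewTime = $data['CreationUtcTime']          # event 2 only
                OldTime = $data['PreviousCreationUtcTime']  # event 2 only
            }
        }
}

# 1. Processes launched from user-writable paths, a common location for droppers
Get-SysmonEvent -Id 1 |
    Where-Object { $_.Image -match '\\(Temp|AppData|Downloads|Public)\\' } |
    Select-Object Time, Parent, Image, Command | Format-Table -AutoSize

# 2. Timestomping: executables whose creation time was moved into the past
Get-SysmonEvent -Id 2 |
    Where-Object { $_.Target -match '\.(exe|dll)$' -and [datetime]$_.NewTime -lt [datetime]$_.OldTime } |
    Select-Object Time, Image, Target, OldTime, NewTime | Format-Table -AutoSize

# 3. Outbound connections from anything other than the usual browsers and svchost
Get-SysmonEvent -Id 3 |
    Where-Object { $_.Image -notmatch '\\(chrome|firefox|iexplore|svchost)\.exe$' } |
    Select-Object Time, Image, Dest | Format-Table -AutoSize
```

Run it in an elevated PowerShell on a host where Sysmon is installed (reading the Sysmon channel requires administrative or event-log-reader rights). Nothing here depends on Sysmon's own tooling; it is plain Get-WinEvent plus XML parsing, so the same function works against an exported .evtx via -Path instead of -LogName.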


Mark's Latest Novel and TechEd Presentations Now Available

Mark's Latest Novel, Rogue Code: The third book in Mark’s Jeff Aiken technothriller series was published on May 20. In Rogue Code, Jeff is hired to penetration test the New York Stock Exchange. When he reaches the heart of the trading engine he discovers malware that’s manipulating trades to skim money while blending in with…


Updates: Autoruns v12.0, Procdump v7.0

Autoruns v12.0: This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. Procdump v7.0: Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers,…


Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12

AccessChk v5.2: This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it…


Updates: Process Explorer v16.02, Process Monitor v3.1, PsExec v2.1, Sigcheck v2.03

Process Explorer v16.02: This minor update adds a refresh button to the thread's stack dialog and ensures that the VirusTotal terms of agreement dialog box remains above the main Process Explorer window. Process Monitor v3.1: This release adds registry create file disposition (create vs open) and a new switch, /saveapplyfilter, which has Process Monitor…


Updates: Process Explorer v16.01, Sigcheck v2.02

Process Explorer v16.01: This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures. Sigcheck v2.02: This release fixes a bug that caused the -u switch to filter results incorrectly.


Updates: Process Explorer v16.0, PsPing v2.01

Process Explorer v16.0: Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus…


Updates: Disk2vhd v2.01, PsPing v2.0

Disk2vhd v2.01: This update fixes a bug that could result in Disk2vhd crashing when converting to VHDX format and adds a command-line switch, -c, to have Disk2vhd use online copy instead of Volume Shadow Copy. PsPing v2.0: This is a major release to PsPing, a command-line utility that tests network bandwidth and latency. Version 2.0…
