Update: Sysmon v3.1, LogonSessions v1.3, VMMap v3.21

Sysmon v3.1This update to Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, adds information about the thread initialization function for CreateRemoteThread events, including the DLL and function name and address. It also changes the format of timestamps to allow for simple string sorting and fixes several bugs….


Update: LogonSessions v1.21 and an article on the usage of VMMAP

LogonSessions v1.21: This fixes a bug that prevented logonsessions from showing full token information in some cases on 64-bit windows. Microsoft CLR Team Blog Post on VMMap and Managed Code: The Microsoft CLR Team has written a great article explaining how to use VMMap to analyze the working sets of managed code (.NET) processes.  

0

Updates: LiveKd v4.0, AccessChk v5.0, LogonSessions v1.2 and serveral PsTools and a new Mark's Blog Post - The Case of the Printing Failure

Mark’s Blog: The Case of the Printing Failure – Mark’s most recent post in the Case of the Unexplained series describes the troubleshooting steps, which include use of Procdump and Process Monitor, an administrator went through when printing failed on one of the systems in their network. AccessChk v5.0: A command-line tool for viewing the effective…

0