Sysmon v6.2, AccessChk 6.20, Sigcheck v2.60, Whois v1.20

Sysmon v6.20 This Sysmon release adds the ability to change the Sysmon service and driver names to foil malware that use them to detect its presence. AccessChk v6.20 This update to AccessChk, a command-line utility that reports effective access and can dump access control lists, fixes a bug in that could cause it to crash…

0

Update: Sysmon v4.12, Autologon v3.1, Sigcheck v2.54, Process Monitor v3.31

Sysmon v4.12 This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, introduces more powerful filtering capabilities, now reports the status of CRL checking and fixes a bug where certain configuration files could cause the driver to blue screen. Sigcheck v2.54 This…


Update: Sigcheck v2.5, Process Explorer v16.11, Whois v1.13, RAMMap v1.5

Sigcheck v2.5This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now reports all the signatures of images that have multiple signers. Sysmon v3.21This update fixes a paged pool leak of token objects when image logging is enabled.  Process Explorer v16.11This…


Update: Sigcheck v2.4, Sysmon v3.2, Process Explorer v16.1, Autoruns v13.51, AccessChk v6.01

Sigcheck v2.4This update to Sigcheck, a powerful command-line utility that reports image file and signing information, as well as information on certificates, now has an option that will report any certificates installed on the system that do not chain to one of the certificates in the Microsoft certificate trust list (CTL). It also adds the…


Update: Autoruns v13.5, Sigcheck v2.3, RAMMap v1.4, BgInfo v4.21, Sysmon v3.11, ADInsight v1.2

Autoruns v13.5This update to Autoruns, the most comprehensive autostart viewer and manager available for Windows, now shows 32-bit Office addins and font drivers, and enables resubmission of known images to Virus Total for a new scan. Sigcheck v2.30Sigcheck, a command-line utility for displaying detailed file version information, image signing status, catalog and certificate store contents,…


Update: LiveKd v5.4, Autoruns v13.2, Sigcheck v2.2, Process Explorer v16.05

LiveKd v5.4This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows Server 2012 R2. Autoruns v13.2In addition to bug fixes to CSV and XML output,…


Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12

AccessChk v5.2: This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it…

0

Updates: Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1, Sigcheck v2.03

Process Explorer v16.02: This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window. Process Monitor v.3.1: This release adds registry create file disposition (create vs open) and a new switch, /saveapplyfilter, which has Process Monitor…

0

Updates: Process Explorer v16.01, Sigcheck v2.02

Process Explorer v16.0: This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures. Sigcheck 2.02: This release fixes a bug that caused the –u switch to filter results incorrectly.

0

Updates: RAMMap v1.32, Sigcheck v2.01

RAMMap v1.32: This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8. Sigcheck v2.01: This update fixes a bug in the handling of the -u option that sometimes resulted in Sigcheck reporting signed files.

0