17th February 2017  By Mike Williams

Microsoft Sysinternals has shipped Sysmon 6.0, a system monitor for Windows that runs as a service plus driver and records process, network and other system activity to the Windows event log for intrusion detection and forensics.

The release logs process access, that is, one process opening a handle to another, which gives a simple way to detect automated Mimikatz-like credential dumping: a tool that reads LSASS memory shows up as a ProcessAccess event with lsass.exe as the target and read rights in the granted access mask.

Sysmon logs Registry object creates, deletes, value sets and renames, and these now use "friendly" key names for readability (for example HKLM\Software rather than \REGISTRY\MACHINE\Software).

New named pipe events ("Pipe Created", Event ID 17, and "Pipe Connected", Event ID 18) may help you spot communications between separate malware processes, since a named pipe is a common channel between cooperating malware components on the same host.

Sysmon configuration changes are now logged as a separate event (Event ID 16, carrying the path and hash of the new configuration file), so anyone or anything that alters your setup to blind the monitor leaves a record. That record lives in the same local log as everything else, so forward events off the host promptly: an attacker with the admin rights needed to change the configuration can also clear the log.
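The three event types described above (process access, named pipes and configuration changes), as an added example that is not part of the original article or of Sysmon itself: a Python script that parses Sysmon records in the XML shape the Windows event log exports and applies one check per event type. The sample events, the LSASS reader allowlist, the expected configuration path and the user-writable-path heuristic are all constructed assumptions; on a live host the same records come from `Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational'` with `.ToXml()` called on each event.

```python
"""Detection logic for the Sysmon 6 events discussed above (IDs 10, 16, 17, 18).

Added example, not part of the article or of Sysmon. The events, allowlist,
expected config path and path heuristic are constructed assumptions.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# PROCESS_VM_READ. Mimikatz-style LSASS reads request masks that include this
# bit (0x1010 and 0x1410 are the ones most often seen).
PROCESS_VM_READ = 0x0010

# Assumed allowlist of images that legitimately open LSASS; tune it per estate.
LSASS_READERS_OK = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\wininit.exe"}

# Assumed location of the config file deployed with `sysmon -c`.
EXPECTED_CONFIG = r"C:\ProgramData\sysmon\sysmonconfig.xml"


def sysmon_xml(event_id, **fields):
    """Build one record in the shape Get-WinEvent's .ToXml() exports (constructed)."""
    data = "".join(f'<Data Name="{k}">{escape(v)}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><Provider Name="Microsoft-Windows-Sysmon"/>'
            f'<EventID>{event_id}</EventID></System><EventData>{data}</EventData></Event>')


def parse_event(xml_text):
    """Return (event_id, {DataName: value}) for one exported Sysmon event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find(f"{NS}System/{NS}EventID").text)
    data = {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}
    return event_id, data


def is_user_writable(path):
    """Heuristic (assumption): images in user-writable directories deserve scrutiny."""
    p = path.lower()
    return any(seg in p for seg in ("\\users\\", "\\temp\\", "\\programdata\\"))


def detect_lsass_access(data):
    """Event 10: a non-allowlisted process opened LSASS with PROCESS_VM_READ."""
    if not data.get("TargetImage", "").lower().endswith("\\lsass.exe"):
        return None
    granted = int(data.get("GrantedAccess", "0x0"), 16)
    source = data.get("SourceImage", "")
    if granted & PROCESS_VM_READ and source.lower() not in LSASS_READERS_OK:
        return f"LSASS read by {source} (GrantedAccess {data['GrantedAccess']})"
    return None


def analyse(events, expected_config=EXPECTED_CONFIG):
    """Apply the LSASS, named-pipe and config-change checks to exported events."""
    alerts = []
    pipe_creators = {}  # PipeName -> Image that created it (Event 17)
    for xml_text in events:
        event_id, d = parse_event(xml_text)
        if event_id == 10:
            hit = detect_lsass_access(d)
            if hit:
                alerts.append(hit)
        elif event_id == 16:
            # Every config change deserves a look; one to an unexpected file is an alert.
            if d.get("Configuration", "").lower() != expected_config.lower():
                alerts.append(f"Sysmon config changed to {d.get('Configuration')} "
                              f"(hash {d.get('ConfigurationFileHash', '?')})")
        elif event_id == 17:
            pipe_creators[d["PipeName"]] = d["Image"]
        elif event_id == 18:
            creator = pipe_creators.get(d["PipeName"])
            connector = d["Image"]
            # Two different images from user-writable paths talking over one pipe.
            if (creator and creator != connector
                    and is_user_writable(creator) and is_user_writable(connector)):
                alerts.append(f"Pipe {d['PipeName']}: {connector} -> {creator}")
    return alerts


# Constructed sample events: a benign csrss.exe LSASS open, a Mimikatz-like
# read from a Temp directory, a pipe between two dropped binaries, and a
# config swap to a file outside the expected location.
SAMPLE_EVENTS = [
    sysmon_xml(10, SourceImage=r"C:\Windows\System32\csrss.exe",
               TargetImage=r"C:\Windows\System32\lsass.exe", GrantedAccess="0x1FFFFF"),
    sysmon_xml(10, SourceImage=r"C:\Users\bob\AppData\Local\Temp\mimi.exe",
               TargetImage=r"C:\Windows\System32\lsass.exe", GrantedAccess="0x1010"),
    sysmon_xml(17, EventType="CreatePipe", PipeName=r"\winsock_updater",
               Image=r"C:\Users\bob\AppData\Local\Temp\stage1.exe"),
    sysmon_xml(18, EventType="ConnectPipe", PipeName=r"\winsock_updater",
               Image=r"C:\ProgramData\svc\stage2.exe"),
    sysmon_xml(16, Configuration=r"C:\Temp\loose.xml",
               ConfigurationFileHash="SHA1=0123456789ABCDEF0123456789ABCDEF01234567"),
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_EVENTS):
        print(alert)
```

The allowlist is deliberately short: csrss.exe opens LSASS with full rights on every Windows host, so matching on the access mask alone produces noise, and matching on source image alone misses a renamed dumper. The pipe check keys on the pair of endpoints rather than the pipe name because the name is attacker-chosen.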

Full Article
Update: Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21

https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor-v3-32-process-explorer-v16-2-livekd-v5-61-and-bginfo-v4-21/
Just run the Sysinternals Updater app periodically and you will always be up to date with the greatest & best from Mark Williams & the Team. ;)
PortableApps Portable

Process Explorer

https://sourceforge.net/projects/portableapps/files/Process%20Explorer%20Portable/ProcessExplorerPortable_16.20_Rev_2_online.paf.exe/download

Process Monitor

https://sourceforge.net/projects/portableapps/files/Process%20Monitor%20Portable/ProcessMonitorPortable_3.32_online.paf.exe/download

Autoruns

https://sourceforge.net/projects/portableapps/files/Autoruns%20Portable/AutorunsPortable_13.7_English_online.paf.exe/download
Indeed...but if you run the Sysinternals Updater even with the ZIP version of the Sysinternal Portable version it will update the portable version...so personally I find that a more satisfactory way of making sure that I have the latest & the best from Sysinternals. ;)
