Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92

Autoruns v11.6: Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points.  This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output. Sigcheck v1.92: Sigcheck is a command-line utility for reporting image version and signature information.  With this…


Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0

Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory. Disk Usage…


The Case of the Unexplained FTP Connections

A key part of any cybersecurity plan is “continuous monitoring”, or enabling auditing and monitoring throughout a network environment and configuring automated analysis of the resulting logs to identify anomalous behaviors that merit investigation. This…(read more)


Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3

Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types. Process Explorer v15.22: This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks of 64-bit Windows XP and 64-bit…


Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2

Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected. Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks. Process Monitor v3.02: This release…