Level: Intermediate to Advanced
Several of the Sysinternals tools have been updated recently to help deal with the scourge of malware. We will present a brief overview of these tools, focusing on how they deal with viruses, worms, adware and other unwanted intrusions. Then we'll dive deep into some of them, including Process Monitor, Process Explorer and Autoruns, focusing on the features useful for malware analysis and removal. These utilities let you perform deep inspection and control of processes, file system and registry activity, and autostart execution points. We'll discuss and demo the tools in action against current real-world malware. We'll also show you some of the malware that can't be fought with current tools, and best practices to avoid infection.
You will learn:
- To understand different types and activities of malware
- To understand the integration of Sysinternals and security software/vendors
- How to leverage the Sysinternals tools to fight malware