
Tools

Event Viewer

This is a built-in tool for monitoring the local system. Exploring and becoming familiar with this tool is crucial to understanding an attack on the system.

For a gentle introduction, follow along with:
Event Viewer Walkthrough

Autoruns

This tool is used to display which programs are configured to run at boot. This can be very useful in detecting malicious scripts as well as in minimizing the attack surface.

Familiarity with this tool, as well as knowledge of which startup scripts the machine actually needs, could be crucial.

Check out this video for a guided approach:
Advanced autoruns tutorial

Process Viewer

This tool can be used to monitor all running processes and view information about what each process is doing, for example which files it has open.

Follow along with:
Process Viewer Guide

TCP View

This tool provides detailed information about the network communications of the local computer and can be used to monitor for malicious programs attempting to steal data.

For a brief overview:
TCP View overview

AD Password Control & Bulk Password Control

This tool is designed to allow for domain-wide account control and includes a random password generator.

For the basic functionality:
Password Control

For bulk control:
Bulk Password Control