[German]Microsoft has updated some of the Windows Sysinternals Tools on September 17th/18th, 2020, in which some of the tools were updated and new functions were added. Here is a rough overview.
Advertising
Mark Russinovich had already announced this update on Twitter. The details are described in this Microsoft document.
Here is a short overview of the new features that are also listed in this Techcommunity article.
-
Sysmon v12.0: In addition to several bug fixes, this major update to Sysmon adds support for capturing clipboard operations to help incident responders retrieve attacker RDP file and command drops, including originating remote machine IP addresses.
-
Process Monitor v3.60: This update to Process Monitor, a utility that logs process file, network and registry activity, adds support for multiple filter item selection, as well as decoding for new file system control operations and error status codes.
Advertising
-
Procdump v10.0: This release of Procdump, a flexible tool for manual and trigger-based process dump generation, adds support for dump cancellation and CoreCLR processes.
-
ARM64 ports: In addition, several tools have been newly ported to and are now available for ARM64. These include: AdInsight v1.2, AutoLogon v3.1, Autoruns v13.98, ClockRes v2.1, DebugView v4.9, DiskExt v1.2, FindLinks v1.1, Handle v4.22, Hex2Dec v1.1, Junction v1.07, PendMoves v1.02, PipeList v1.02, Procdump v10.0, Process Explorer v16.32, RegDelNull v1.11, RU v1.2, Sigcheck v2.8, Streams v1.6, Sync v2.2, VMMap v3.26, WhoIs v1.21 and ZoomIt v4.52. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.
So far the overview. Sysmon and the Process Monitor might be interesting, but I don't know if the ARM 64 tools are widely used.
Where can I get details and the download?
The Sysinternals tools are available for free download on this website. The detail pages linked above contains a detailled description of the respective tool
Note: At this point I would like to point out that some tools from the Sysinternals suite come with a DLL hijacking vulnerability on board. I pointed this out in the blog post Sysmon v11.0 from Sysinternals tools released.
Advertising