Sysinternals Suite
Featured · ⚖️ Dual Use · C/C++
Sysinternals is a suite of advanced system utilities by Microsoft, used daily by system administrators worldwide. However, tools like PsExec (remote command execution), ProcDump (memory dumping), and Autoruns (persistence detection/creation) are heavily used in offensive operations. PsExec in particular is one of the most common lateral movement tools observed in real-world intrusions. Attackers use legitimate, Microsoft-signed binaries to blend in with normal administrative activity.
Use Cases
- Remote command execution via PsExec
- Process memory dumping with ProcDump (credential extraction)
- Persistence discovery and creation via Autoruns
- Network connection monitoring with TCPView
- System administration and troubleshooting
Details
- Category: ⚖️ Dual Use
- Language: C/C++
- Repository: MicrosoftDocs/sysinternals
More in Dual Use
ProxyChains-ng
C · Force any TCP connection through SOCKS4/5 or HTTP proxies. Chain multiple proxies for anonymity.
Socat
C · Multipurpose relay tool. Bidirectional data transfer between two data channels: sockets, files, pipes, devices.
ngrok
Go · Expose local servers to the internet via secure tunnels. Instant public URLs for localhost services.
Rclone
Go · rsync for cloud storage. Sync, copy, and mount 70+ cloud providers. Command-line Swiss army knife for cloud data.
GTFOBins
Shell · Curated list of Unix binaries that can be used to bypass security restrictions. Living off the land, documented.
LOLBAS
Shell · Living Off The Land Binaries, Scripts and Libraries for Windows. Documenting every Windows binary with offensive potential.