Windows Exploratory Surgery with Process Hacker

A popular evening talk I've given at a number of SANS conferences is entitled Windows Exploratory Surgery with Process Hacker. I've obtained permission to redistribute it in electronic form, so you can now get the PDF with full notes, if you wish, inside the SEC505 zip file (look in the \Extras folder).

Process Hacker is a free, open source, graphical process investigation and management tool for Windows. It is similar to Sysinternals Process Explorer, but a bit more fun (both tools are simply great though). Process Hacker is useful for analyzing malware, troubleshooting, and understanding how Windows works at a deeper level. We use it in my six-day Securing Windows with PowerShell course at SANS too (SEC505).

The Exploratory Surgery talk is an introduction to Process Hacker, an overview of some Windows internals as background information for many SANS courses, and some examples of how one might analyze malware with the tool.

As always, if you find a technical error in the PDF, please let me know!

Jason Fossen
Securing Windows with PowerShell (SEC505) at SANS

Posted February 27, 2016 at 6:35 PM


Jason is a beast. Want to know more.

Posted February 28, 2016 at 8:38 PM


Jason, thanks a lot for sharing this valuable talk.