
Wednesday, July 28, 2021

Process Hacker Detects Intrusions

Some of my work now examines systems security and related issues. The notes below cover 'Process Hacker', a system that detects and notifies you when background services are added to your systems. This is an 'expert' thing and I am not recommending that anyone else use it, but it appears very useful for detecting the kinds of malware now rampant. I will add later experiences.

https://twit.tv/shows/security-now/episodes/829?autostart=false  Security Now Podcast

Below from: https://www.grc.com/sn/SN-829-Notes.pdf   By Steve Gibson 

Windows’ Process Hacker

The Sentinel Labs guys discovered this whole HP printer driver mess when a tool they had running at the time, known as “Process Hacker” popped up a notification that a new “SSPORT” service had just been created as a result of something they were doing. I, for one, would love the idea of being proactively notified when something has just added a background service or driver to my system. So I wanted to take a moment to shine a light on the tool they used, known as “Process Hacker.” ...


Many of us are familiar with Mark Russinovich’s excellent SysInternals tools. “Process Hacker” is immediately reminiscent of Mark’s Process Explorer, so much so that I’m sure Mark’s work was the inspiration behind Process Hacker. But Process Hacker has taken this far further. It looks like Process Explorer on steroids. It’s open source, still at SourceForge, but also with a GitHub presence. It runs on anything from Win7 on and is showing a download count of 6.5 million. It shows 34 contributors, 814 forks, and is being actively developed and maintained. It bills itself as “A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.” Its bullet-pointed features:

● A detailed overview of system activity with highlighting.

● Graphs and statistics allow you quickly to track down resource hogs and runaway processes.

● Can't edit or delete a file? Discover which processes are using that file.

● See what programs have active network connections, and close them if necessary.

● Get real-time information on disk access.

● View detailed stack traces with kernel-mode, WOW64 and .NET support.

● Go beyond services.msc: create, edit and control services.

● Small, portable and no installation required.

● 100% Free Software (GPL v3)

And it offers a plug-in architecture for extensions. Overall, it looks like a very nice piece of work. If it’s able to sit quietly in the background and alert me when something is setting up permanent residence on any of my Windows machines, that’s something I’d like to have. So, if you haven’t completely given up on the idea that you might still have some remaining shred of control over the machine that’s sitting in front of you, Google “Process Hacker” and you’ll find it.
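An added example, not part of this post or of Steve Gibson's notes, and not Process Hacker's own code: the same "a new service just appeared" alert done in plain PowerShell, plus the first two triage checks (where the image lives, whether it carries a valid Authenticode signature) you would run on whatever it reports. It assumes an elevated Windows PowerShell 5.1 or later session, reads Service Control Manager event ID 7045 from the System log for history, and subscribes to the WMI event __InstanceCreationEvent on Win32_BaseService for live alerts; Win32_BaseService is the parent of both Win32_Service and Win32_SystemDriver, so a kernel driver like SSPORT is caught as well as a user-mode service. The function names, the triage flags and the event 7045 property order are my own choices and observations, not anything taken from the page.

```powershell
# Added example: re-creating Process Hacker's "new service created" notice in PowerShell,
# with a small triage record for each hit. Not from the page, from Steve Gibson's notes or
# from the Process Hacker project.
# Assumptions: elevated Windows PowerShell 5.1+; event 7045 properties arrive in the order
# ServiceName, ImagePath, ServiceType, StartType, AccountName (what Windows 10 logs).

function Resolve-ServiceImagePath {
    # Turn a service/driver PathName into a plain file path: drop quotes and arguments,
    # expand the kernel-style prefixes that driver entries use.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } elseif ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]
    }
    $p = $p -replace '^\\\?\?\\', ''                                     # \??\C:\x.sys -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"               # \SystemRoot\system32\drivers\x.sys
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # bare system32\drivers\x.sys
    return $p
}

function Get-ServiceTriage {
    # One record per service: resolved image, Authenticode status, and flags for the things
    # worth a second look. These are heuristics for an analyst, not verdicts.
    param([string]$Name, [string]$PathName, [string]$Kind, [string]$StartMode,
          [string]$Account, [datetime]$Time = (Get-Date))
    $file = Resolve-ServiceImagePath $PathName
    $sig  = 'FileNotFound'
    if ($file -and (Test-Path -LiteralPath $file)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $file).Status    # Valid, NotSigned, HashMismatch, ...
    }
    $trusted   = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $inTrusted = $file -and ($trusted | Where-Object { $file.StartsWith($_, 'OrdinalIgnoreCase') })
    $flags = @()
    if ("$sig" -ne 'Valid')                    { $flags += "SIG:$sig" }
    if (-not $inTrusted)                       { $flags += 'NON_STANDARD_PATH' }
    if ($Kind -match 'driver')                 { $flags += 'KERNEL_DRIVER' }
    if ($StartMode -match 'auto|boot|system')  { $flags += 'PERSISTENT' }
    [pscustomobject]@{ Time = $Time; Name = $Name; Kind = $Kind; Image = $file; Signature = "$sig"
                       StartMode = $StartMode; Account = $Account; Flags = ($flags -join ',') }
}

function Get-RecentServiceInstalls {
    # History: every service or driver installed in the last $Days days, from SCM event 7045
    # ("A service was installed in the system") in the System log.
    param([int]$Days = 7)
    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7045; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $p = $_.Properties
        Get-ServiceTriage -Name $p[0].Value -PathName $p[1].Value -Kind $p[2].Value `
                          -StartMode $p[3].Value -Account $p[4].Value -Time $_.TimeCreated
    }
}

function Start-NewServiceWatch {
    # Live alert loop. WMI polls the service list every $PollSeconds and raises
    # __InstanceCreationEvent for anything new; the finally block removes the subscription
    # when you stop the loop with Ctrl+C.
    param([int]$PollSeconds = 5)
    $query = "SELECT * FROM __InstanceCreationEvent WITHIN $PollSeconds WHERE TargetInstance ISA 'Win32_BaseService'"
    $null = Register-CimIndicationEvent -Query $query -SourceIdentifier 'NewServiceWatch'
    Write-Host "Watching for new services and drivers (poll every $PollSeconds s). Ctrl+C to stop."
    try {
        while ($true) {
            $ev  = Wait-Event -SourceIdentifier 'NewServiceWatch'
            $svc = $ev.SourceEventArgs.NewEvent.TargetInstance
            Remove-Event -EventIdentifier $ev.EventIdentifier
            $rec = Get-ServiceTriage -Name $svc.Name -PathName $svc.PathName -Kind $svc.ServiceType `
                                     -StartMode $svc.StartMode -Account $svc.StartName
            Write-Host "NEW SERVICE: $($rec.Name) [$($rec.Flags)]" -ForegroundColor Yellow
            $rec | Format-List | Out-Host
        }
    } finally {
        Unregister-Event -SourceIdentifier 'NewServiceWatch' -ErrorAction SilentlyContinue
    }
}

# Usage (dot-source the file first):
#   Get-RecentServiceInstalls -Days 30 | Format-Table Time, Name, Kind, Signature, Flags -AutoSize
#   Start-NewServiceWatch
```

Two caveats a practitioner should keep in mind. The WMI subscription is polled, so a service that is created and deleted inside one poll interval never shows up as a live alert; event 7045 is written by the Service Control Manager at install time regardless, which is why the history function reads the log rather than the current service list. And the flags are only a starting point: plenty of legitimate software installs an auto-start service from outside Program Files, so an unsigned binary in a user-writable path is the combination to chase first, not any single flag on its own.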
