Monitor for macOS

Introducing Monitor for macOS
March 31, 2017 | by Stephen Davis | Threat Research
As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools let us understand malware capabilities and undocumented components of the operating system. One obvious tool that comes to mind is Procmon from the legendary Sysinternals Suite from Microsoft. Those tools only work on Windows, though, and we love macOS. macOS ships some fantastic dynamic instrumentation software with the operating system and Xcode. In the past we have used dynamic instrumentation tools such as DTrace, a very powerful tracing subsystem built into the core of macOS. While it is very powerful and efficient, it commonly required us to write D scripts to get at the interesting bits. We wanted something simpler. Today, the Innovation and Custom Engineering (ICE) Applied Research team presents the public release of Monitor for macOS, a simple GUI application for monitoring common system events on a macOS host.[…]
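To make concrete what "writing D scripts to get the interesting bits" looks like, here is an added example of the kind of DTrace script the paragraph has in mind: it logs process execution and file opens (including failed opens) on a macOS host. It is not code from the FireEye post or from Monitor itself; the probe names (`proc:::exec-success`, `syscall::open:entry` / `syscall::open_nocancel:entry`) and the `walltimestamp`, `curpsinfo` and `errno` builtins are standard DTrace, and the output format is my own.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example (not from the FireEye post or Monitor.app):
 * a minimal Procmon-style event log for macOS using DTrace.
 * Run as root:  sudo dtrace -s procmon.d
 */
#pragma D option quiet

/* New process images: who exec'd what, with full arguments. */
proc:::exec-success
{
    printf("%Y exec  pid=%d ppid=%d uid=%d %s\n",
        walltimestamp, pid, ppid, uid, curpsinfo->pr_psargs);
}

/*
 * File opens. The path pointer is saved on entry and copied in on
 * return, because on entry the user page holding the string may not
 * have been faulted in yet and copyinstr() would fail.
 * open* is deliberately NOT used: it would also match openat(), whose
 * arg0 is a directory fd rather than a path.
 */
syscall::open:entry,
syscall::open_nocancel:entry
{
    self->pathp = arg0;
}

/* Report the result so failed opens (errno set) are visible too. */
syscall::open:return,
syscall::open_nocancel:return
/self->pathp/
{
    printf("%Y open  pid=%d %s %s -> fd=%d errno=%d\n",
        walltimestamp, pid, execname, copyinstr(self->pathp),
        (int)arg0, errno);
    self->pathp = 0;   /* release the thread-local so it is not leaked */
}
```

Practitioner caveat: on macOS releases with System Integrity Protection enabled, DTrace cannot instrument SIP-protected processes and some probes will report nothing for them; tracing those requires relaxing SIP for DTrace from Recovery (`csrutil enable --without dtrace`), which is a deliberate weakening of the host and should be confined to analysis machines.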

Syscall-Monitor for Windows

Syscall Monitor is a system monitor program (in the spirit of Sysinternals' Process Monitor) that uses Intel VT-x/EPT to hook system calls from a hypervisor on Windows 7 and later.

It requires an Intel x86/x64 system with Intel VT-x and EPT support, running Microsoft Windows.


SysInternals tools updated

Sysinternals, now part of Microsoft TechNet, has announced new tool versions:

Sigcheck v2.4
Sysmon v3.2
Process Explorer v16.1
Autoruns v13.51
AccessChk v6.01