Monitor for macOS

Introducing Monitor.app for macOS
March 31, 2017 | by Stephen Davis | Threat Research
As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware capabilities and undocumented components of the operating system. One obvious tool that comes to mind is Procmon from the legendary Sysinternals Suite from Microsoft. Those tools only work on Windows though and we love macOS. macOS has some fantastic dynamic instrumentation software included with the operating system and Xcode. In the past, we have used dynamic instrumentation tools such as Dtrace, a very powerful tracing subsystem built into the core of macOS. While it is very powerful and efficient, it commonly required us to write D scripts to get the interesting bits. We wanted something simpler. Today, the Innovation and Custom Engineering (ICE) Applied Research team presents the public release of Monitor.app for macOS, a simple GUI application for monitoring common system events on a macOS host.[…]

https://www.fireeye.com/blog/threat-research/2017/03/introducing_monitor.html

https://www.fireeye.com/services/freeware/monitor.html

Syscall-Monitor for Windows

Syscall Monitor is a system monitor program (like Sysinternal’s Process Monitor) using Intel VT-X/EPT for Windows7+

https://github.com/hzqst/Syscall-Monitor

It requires Intel x86/x64 systems with Intel VT-x and EPT support, running Microsoft Windows.

 

SysInternals updated

https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

SysInternals tools updated

SysIntenals, now acquired by the Microsoft TechNet team, has some new tool announcements:

http://blogs.technet.com/b/sysinternals/archive/2016/01/05/update-sigcheck-v2-4-sysmon-v3-2-process-explorer-v16-1-autoruns-v13-51-accesschk-v6-01.aspx

Sigcheck v2.4
Sysmon v3.2
Process Explorer v16.1
Autoruns v13.51
AccessChk v6.01