Hey again
After playing with my tiny Batch script for logging Windows processes (see my last post), I wanted to see how the pros do it.
So, I explored the native Task Manager... and then fell into the rabbit hole of Sysinternals.
What I tried:
Task Manager
_Good for quick views. But too friendly. I wanted more raw info._
Process Explorer (from Sysinternals)
And this is where things got juicy.
- Real-time tree view? ✔️
- Parent/child process chains? ✔️
- Tons of columns I had no clue about? ✔️✔️✔️
- Process Monitor: I don't fully understand it yet, but watching file + registry access live? Felt like Wireshark but for the OS.
Key Moments:
- I killed a process and saw the tree adjust in real time. Felt like I was performing surgery on the OS.
- I learned about svchost.exe - still not sure how many of them are "normal".
- I noticed Chrome runs like 20+ processes for reasons I still don't get. Is it hungry or paranoid?
What I learned:
- Tools matter. Even visual ones like ProcExp can teach a lot.
- Observing is half the battle. The more I watch, the more patterns I start to see.
- Security isn't always about breaking - sometimes it's about noticing.
Next Plan:
I'm thinking of combining my Batch logger with filtered data from Process Explorer (via CLI or logs?) - or maybe switching to PowerShell for more power and less pain.
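To give the "switch to PowerShell" idea a concrete shape, here is an added example (editor's code, not part of the original post or of Sysinternals) that does in a script what the post describes watching in Process Explorer: it snapshots every process with its parent, appends the result to a CSV log, then runs two of the checks raised above. For svchost.exe it counts the instances and lists any whose parent is not services.exe or whose image is not under System32 (those are the ones worth a second look; on a healthy system the list is usually empty). For chrome.exe it groups the processes by their `--type=` command-line argument, which is how Chrome labels its renderer, GPU and utility processes. The log path `$env:USERPROFILE\proc-log.csv` is an arbitrary choice for the example. Run it in an elevated PowerShell window, otherwise `ExecutablePath` and `CommandLine` come back empty for system-owned processes.

```powershell
# Added example: process tree snapshot + CSV log + svchost/Chrome checks.
# Uses only built-in cmdlets (Get-CimInstance, Export-Csv); works on Windows PowerShell 5.1 and PowerShell 7.

# Win32_Process gives us PID, parent PID, image path and full command line in one call.
$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine

# Index by PID so parent names can be resolved without a second query.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$snapshotTime = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
$rows = foreach ($p in $procs) {
    $parent = $byPid[[int]$p.ParentProcessId]
    [pscustomobject]@{
        Time        = $snapshotTime
        PID         = $p.ProcessId
        PPID        = $p.ParentProcessId
        Name        = $p.Name
        # A parent PID can belong to a process that already exited (and the PID may have been
        # reused), so an unresolved parent is reported rather than guessed.
        ParentName  = if ($parent) { $parent.Name } else { '<exited or unknown>' }
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
    }
}

# Append this snapshot to a running log (assumed path, chosen for the example).
$logPath = Join-Path $env:USERPROFILE 'proc-log.csv'
$rows | Export-Csv -Path $logPath -NoTypeInformation -Append

# svchost.exe check: every instance should be started by services.exe from System32
# and carry a "-k <servicegroup>" argument. Anything else is worth a closer look.
$svc = @($rows | Where-Object { $_.Name -eq 'svchost.exe' })
"svchost.exe instances in this snapshot: $($svc.Count)"
$system32 = Join-Path $env:SystemRoot 'System32'
$odd = $svc | Where-Object {
    $_.ParentName -ne 'services.exe' -or
    -not ($_.Path -like "$system32\*")
}
if ($odd) {
    "svchost.exe instances with an unexpected parent or path:"
    $odd | Format-Table PID, PPID, ParentName, Path, CommandLine -AutoSize
} else {
    "All svchost.exe instances have services.exe as parent and live under System32."
}

# Chrome check: one browser process plus one process per --type (renderer, gpu-process, utility, ...).
$chrome = @($rows | Where-Object { $_.Name -eq 'chrome.exe' })
"chrome.exe instances: $($chrome.Count)"
$chrome | ForEach-Object {
    if ($_.CommandLine -match '--type=([^\s]+)') { $Matches[1] } else { 'browser' }
} | Group-Object | Sort-Object Count -Descending | Format-Table Name, Count -AutoSize
```

Because the CSV gets a new batch of rows each run, you can schedule the script with Task Scheduler and later diff snapshots (for example with `Import-Csv` and `Compare-Object` on the PID/Name/Path columns) to see which processes appeared between runs, which is the "noticing" part of the post done with a script instead of by eye.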
Any tips from folks whoβve worked with Windows internals are welcome!
Thanks again for following this clunky but fun journey into cybersecurity from the ground up.
- Mohammad
Top comments (1)
Really like this post
Please keep your motivation