The Sysinternals Suite: a set of legitimate tools designed to make system administrators’ lives easier. However, system administrators are often not alone: attackers really love these tools too! This presentation will take a hard look at how attackers, both legal and not, are bending the Sysinternals Suite to their will. Without needing any 0-days, custom malware, or advanced knowledge of network topology, attackers are moving through compromised networks with skill and ease. We’re going to expose how attackers are utilizing these tools, and common flaws that we see within many networks. We won’t name names, but it might...