CyberRiskLab: Practical intro to Windows Sysinternals
- Date: 16 April 2026, 12:00–13:30
- Location: Ångström Laboratory, room 106285 (building 10, floor 6)
- Type: Workshop
- Lecturer: Elis
- Web page: https://www.uu.se/en/department/information-technology/research/cybersecurity/cyberrisklab
- Organiser: Department of Information Technology
- Contact person: Anke Stüber
How can you find out if you have malware on your Windows system?
To see what is running on your system, the standard Task Manager is not practical and doesn't show all the info you need. This can let malware hide. Today we learn to use a much better suite of tools, called Sysinternals. First, there will be a brief theoretical overview of some ways malware can hide and gain persistent access over reboots, and why it can be tricky to find and remove. To demonstrate and practise using Sysinternals, there will be a mini CTF where you will try to find hidden "malware" on a virtual machine. Can you find all the secrets?
To participate in the CTF, you will need to:
- Bring a computer with at least 8 GB of RAM.
- Install VirtualBox or VMware to import and run the VM. If you can't install it for some reason, join a friend or join Elis.
Download links:
- VirtualBox (recommended).
- VMware (choose Workstation; you need to log in to download).
Open for all, no registration needed. Bring a friend!