Hey again 👋
After playing with my tiny Batch script for logging Windows processes (see my last post), I wanted to see how the pros do it.
So, I explored the native Task Manager... and then fell into the rabbit hole of Sysinternals.
🧪 What I tried:
Task Manager
_Good for quick views. But too friendly. I wanted more raw info._
Process Explorer (from Sysinternals)
And this is where things got juicy.
- Realtime tree view? ✔️
- Parent/child process chains? ✔️
- Tons of columns I had no clue about? ✔️✔️✔️
Process Monitor
I don’t fully understand it yet, but watching file + registry access live? Felt like Wireshark but for the OS.
🤔 Key Moments:
- I killed a process and saw the tree adjust in real time. Felt like I was performing surgery on the OS 😄
- I learned about svchost.exe — still not sure how many of them are “normal”.
- I noticed Chrome runs like 20+ processes for reasons I still don’t get. Is it hungry or paranoid?
💡 What I learned:
- Tools matter. Even visual ones like ProcExp can teach a lot.
- Observing is half the battle. The more I watch, the more patterns I start to see.
- Security isn't always about breaking — sometimes it's about noticing.
🧭 Next Plan:
I’m thinking of combining my Batch logger with filtered data from Process Explorer (via CLI or logs?) — or maybe switching to PowerShell for more power and less pain 😅
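As an added example (not the post's own Batch logger, and not Sysinternals code), here is what the "switch to PowerShell" option could look like: one CIM query snapshots every process with its parent, appends the snapshot to a CSV so it can be diffed later, and then answers the svchost.exe and Chrome questions from the Key Moments above. The log path is an assumed location, and the svchost.exe checks are sanity rules for a stock Windows install (every svchost.exe is normally started by services.exe from System32 and hosts one service group named by its `-k` argument).

```powershell
# Added example, not from the original post. Assumes a stock Windows host.
$LogPath = "$env:USERPROFILE\proctree.csv"   # assumption: where snapshots get appended

# One CIM query returns PID, parent PID, image name and command line for every process.
$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, CommandLine

# Index by PID so each process's parent name can be resolved without rescanning.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$now = (Get-Date).ToString('s')
$snapshot = foreach ($p in $procs) {
    $parent = $byPid[[int]$p.ParentProcessId]
    # The parent may already have exited (and PIDs get reused), so it can be missing.
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    [pscustomobject]@{
        Time        = $now
        Pid         = $p.ProcessId
        Name        = $p.Name
        ParentPid   = $p.ParentProcessId
        ParentName  = $parentName
        CommandLine = $p.CommandLine
    }
}

# -Append keeps earlier snapshots in the same file, so the tree can be compared over time.
$snapshot | Export-Csv -Path $LogPath -NoTypeInformation -Append

# "How many svchost.exe are normal?": there is one per service group, so count them and
# show which -k group each one hosts.
$svchost = @($snapshot | Where-Object Name -eq 'svchost.exe')
"svchost.exe instances: $($svchost.Count)"
$svchost |
    ForEach-Object {
        $group = if ($_.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '<unknown>' }
        [pscustomobject]@{ Pid = $_.Pid; ServiceGroup = $group; ParentName = $_.ParentName }
    } |
    Sort-Object ServiceGroup | Format-Table -AutoSize

# Defender's sanity check: a real svchost.exe is started by services.exe and lives in
# System32. Anything else is worth a closer look in Process Explorer.
$odd = $svchost | Where-Object {
    $_.ParentName -ne 'services.exe' -or
    ($_.CommandLine -and $_.CommandLine -notmatch '(?i)^"?[A-Z]:\\Windows\\System32\\svchost\.exe')
}
if ($odd) {
    "svchost.exe not parented by services.exe or not running from System32:"
    $odd | Format-Table Pid, ParentName, CommandLine -AutoSize
}

# Chrome's 20+ processes: one browser process fans out into renderer/GPU/utility children,
# so most chrome.exe entries have chrome.exe as their parent.
$chrome = @($snapshot | Where-Object Name -eq 'chrome.exe')
$topLevel = @($chrome | Where-Object ParentName -ne 'chrome.exe')
"chrome.exe instances: $($chrome.Count) (top-level: $($topLevel.Count))"
```

Run it from a normal PowerShell window; elevating it only adds the command lines of processes owned by other users. Scheduling it (for example with a scheduled task) turns it into the kind of periodic logger the Batch script was, with the parent/child relationships that Task Manager hides.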
Any tips from folks who’ve worked with Windows internals are welcome!
Thanks again for following this clunky but fun journey into cybersecurity from the ground up 🧠
– Mohammad
Really like this post
Please keep your motivation