Windows Pstool (macOS)

: Displays who is logged on locally and via resource sharing.

While PsTools are invaluable for defenders, attackers also frequently use them as "living-off-the-land" (LotL) tools.

: PsExec can be used by malicious actors to move through a network.

This paper explores the utility of the Windows PsTools suite in enterprise system administration and security forensics. It examines how these lightweight, command-line utilities facilitate remote process management, security descriptor manipulation, and system information retrieval without the overhead of a full management GUI.

1. Introduction

: Executes processes on remote systems without manual client installation.