A lightweight Windows tool for detecting unusual system activity
I’ve been working on a small Windows tool to help surface unusual system behaviour — things like unexpected processes, odd outbound connections, or changes that might indicate something isn’t quite right.

The goal was to build something lightweight that explains activity in plain language, without the noise or complexity of full security suites. It currently highlights things like:

- unusual or suspicious processes
- unexpected outbound network activity
- changes to scheduled tasks
- security‑relevant system events

It also loosely maps some behaviours to common MITRE ATT&CK techniques to give a bit more context about what might be happening.

This is just a personal project I’ve been tinkering with, and I’d really appreciate feedback from anyone interested in Windows internals, visibility tooling, or lightweight monitoring approaches.

If you want to try it, here’s the link: www.sapience-tech.com