Explore the potential misuse of Sysinternals tools for malicious purposes in this NolaCon 2017 conference talk. Delve into various internal reconnaissance techniques using PsInfo, PsLoggedOn, AdExplorer, ShareEnum, and TCPView. Learn about execution methods with PsExec and BgInfo, as well as persistence mechanisms utilizing PsPasswd and MoveFile. Discover anti-forensics techniques and methods for detecting Sysinternals usage through registry analysis, ShimCache examination, and Sdelete identification. Gain valuable insights into how attackers might leverage these powerful system utilities and how to defend against such tactics.