Sysinternals

detecting-rootkit-activity is a Malware Analysis skill for finding rootkit indicators such as hidden processes, hooked system calls, altered kernel structures, hidden modules, and covert network artifacts. It uses cross-view comparison and integrity checks to help validate suspicious hosts when standard tools disagree.

analyzing-malware-persistence-with-autoruns is a Sysinternals Autoruns skill for malware analysis. It helps you inspect Windows persistence in Run keys, services, scheduled tasks, Winlogon, drivers, and WMI, using a repeatable workflow with CSV exports, suspicious-entry review, and report-ready findings.