Mark's Events

Upcoming Events

None at this time.

Recent Events

RSA Conference 2012

February 27-March 2, 2012

San Francisco, CA

Zero Day: A Non-Fiction View

Last year, Mark Russinovich published the cyberthriller ‘Zero Day’ chronicling a terrorist scheme to unleash a cyber-apocalypse. In this session, Mark explains the scenario, tools, and techniques that the attackers would have used and their feasibility and risk with demonstrations and references to real-world incidents. He also proposes how we can defend systems against this threat. Spoiler alert!

Mark Russinovich: Zero Day: A Novel

An airliner’s controls abruptly fail mid-flight over the Atlantic. An oil tanker runs aground in Japan when its navigational system suddenly stops dead. Hospitals everywhere have to abandon their computer databases when patients die after being administered incorrect dosages of their medicine. In the Midwest, a nuclear power plant nearly becomes the next Chernobyl when its cooling systems malfunction. At first, these random computer failures seem like unrelated events. But Jeff Aiken, a former government analyst who quit in disgust after witnessing the gross errors that led up to 9/11, thinks otherwise. Jeff fears a more serious attack targeting the United States computer infrastructure is already under way. And as other menacing computer malfunctions pop up around the world, some with deadly results, he realizes that there isn’t much time if he hopes to prevent an international catastrophe. Written by a global authority on cyber security, Zero Day presents a chilling “what if” scenario that, in a world completely reliant on technology, is more than possible today---it’s a cataclysmic disaster just waiting to happen.

Black Hat USA 2011

Workshop: Zero Day Malware Cleaning with the Sysinternals Tools | Session Slides

August 3-4, 2011
Black Hat USA
Las Vegas, NV

Learn how to analyze and clean zero day malware using the Sysinternals tools directly from their author, including Process Monitor, Process Explorer, and Autoruns. By enabling deep inspection and control of processes, file system and registry activity, and autostart execution points, these utilities are useful for everything from day-to-day computer maintenance to advanced system and application troubleshooting. The tools are especially effective for malware analysis and cleaning - so much so that malware commonly tries to prevent their execution. Mark focuses on the features useful for malware hunting, demonstrates their capabilities by presenting real-world cases of the tools being used to identify and clean malware, and concludes with a live analysis of the infamous Stuxnet virus.

Tech-Ed North America 2011

WCL405 | Mysteries of Memory Management Revealed, with Mark Russinovich (Part 1 of 2) | On Demand Session Recording
Breakout Session | 400 - Expert | Windows Client
Wednesday, May 18 | 1:30 PM - 2:45 PM
If you want to know the difference between System Committed memory and Process Committed memory, wondered what all those memory numbers shown by Task Manager really mean, or want to gain insight into the memory-related impact of a process, then this talk is for you. Using various memory analysis tools including: Process Explorer, VMMap, RAMMap, and others to highlight concepts throughout, the presentation starts with an overview of virtual memory management, describing types of process address space memory and how they impact system virtual memory. Then it dives into physical memory management, discussing how Windows manages process working sets, how it keeps track of physical memory, and how memory moves between different states.

WCL406 | Mysteries of Memory Management Revealed, with Mark Russinovich (Part 2 of 2) | On Demand Session Recording
Breakout Session | 400 - Expert | Windows Client
Wednesday, May 18 | 3:15 PM - 4:30 PM
If you want to know the difference between System Committed memory and Process Committed memory, wondered what all those memory numbers shown by Task Manager really mean, or want to gain insight into the memory-related impact of a process, then this talk is for you. Using various memory analysis tools including: Process Explorer, VMMap, RAMMap, and others to highlight concepts throughout, the presentation starts with an overview of virtual memory management, describing types of process address space memory and how they impact system virtual memory. Then it dives into physical memory management, discussing how Windows manages process working sets, how it keeps track of physical memory, and how memory moves between different states.

COS301 | Inside Windows Azure, the Cloud Operating System with Mark Russinovich | On Demand Session Recording
Breakout Session | 300 - Advanced | Cloud Computing & Online Services
Thursday, May 19 | 10:15 AM - 11:30 AM
Join Mark Russinovich, now working on Azure, for an under-the-hood tour of the internals of Microsoft’s new cloud OS. Topics include datacenter architecture, cloud OS architecture, and what goes on behind the scenes when you deploy a service, a machine fails or comes online and a role fails.

WCL304 | Case of the Unexplained 2011: Windows Troubleshooting with Mark Russinovich | On Demand Session Recording
Breakout Session | 300 - Advanced | Windows Client
Thursday, May 19 | 2:45 PM - 4:00 PM
Come hear Mark Russinovich, the master of Windows troubleshooting, walk you through step-by-step how he has solved seemingly unsolvable system and application problems on Windows. With all-new real case studies, Mark shows how to apply the Microsoft Debugging Tools and his own Sysinternals tools, including Process Explorer and Process Monitor, to solve system crashes, process hangs, security vulnerabilities, DLL conflicts, permissions problems, registry misconfiguration, network hangs and file system issues. These tools are used on a daily basis by Microsoft Product Support and have been used effectively to solve a wide variety of desktop and server issues, so being familiar with their operation and application will assist you in dealing with different problems on Windows.