Skip to main content

Mark's Webcasts

Watch free on-demand recordings of Mark’s top-rated presentations from TechEd, BUILD and other conferences on Azure, security, Windows troubleshooting, malware hunting. If you have a question about a topic in any of these webcasts, please visit the Sysinternals Forum for answers and help from other users and our moderators.

Case of the Unexplained

The Case of the Unexplained 2014

The Case of the Unexplained 2013
The Case of the Unexplained 2012
The Case of the Unexplained 2011
The Case of the Unexplained 2010
The Case of the Unexplained 2009
The Case of the Unexplained 2008
Mark’s “The Case of…”  blog posts come alive in these recorded webcasts of his #1-rated TechEd sessions. Learn how to troubleshoot the toughest Windows and application problems by watching Mark use Sysinternals and other advanced tools to solve real-world examples. Be sure to check out all webcasts since they include totally different troubleshooting examples and demonstrate different techniques.

Windows Azure

Public Cloud Security: Surviving in a Hostile Multi-Tenant Environment

The rise of public cloud computing has brought with it a new set of security considerations that are not widely understood. With a unique perspective from working on the security systems of a public cloud, Mark describes public cloud service provider and cloud customer threats, including malicious insiders, shared technology, data breaches, and data loss. For each, he assesses the risks and explores the value of mitigations like encryption-at-rest, encryption-in-flight, and other security best practices, separating hype from reality so that you can make educated decisions as your organization moves to the cloud.

Mark Russinovich and Mark Minasi on Cloud Computing

Join Mark Russinovich and Mark Minasi for a lively discussion as they share their views on the cloud computing disruption and what it means for IT pros and developers. Mark Russinovich brings his perspective from leading Microsoft Azure architecture and Mark Minasi brings his IT expertise and view from outside. The economics of public cloud, future of PaaS and IaaS, how enterprises will bridge their on-premises environments with the cloud, how you should look at security in the public cloud, and what skills are important for IT pros and developers are just some of the areas they explore together.

Infrastructure Services on Windows Azure: Virtual Machines and Virtual Networks

This session gives an overview of the new Windows Azure infrastructure services (IaaS), including support for Windows Server and Linux persistent virtual machines, new networking capabilities for hybrid applications and on-premises/cloud connectivity, and support for applications that consist of PaaS and IaaS roles. Mark explains how IaaS fits into Windows Azure to extend existing server applications to cloud and shows demonstrations of IaaS VM deployment and complex multi-VM applications.

Windows Azure Internals

Mark Russinovich goes under the hood of the Microsoft datacenter operating system. Intended for developers who have already gotten their hands dirty with Windows Azure and understand its basic concepts, this session gives an inside look at the architectural design of the Windows Azure compute platform. Learn about Microsoft’s data center architecture, what goes on behind the scenes when you deploy and update a Windows Azure app and how it monitors and responds to the health of machines, its own components, and the apps it hosts.

Introduction to Windows Azure: The Cloud Operating System

Join Mark Russinovich for an overview of Microsoft’s new cloud OS. Assuming no prior knowledge of Windows Azure, this session will start by explaining the Windows Azure Platform-as-a-Service (PaaS) app philosophy and how it differs from that of traditional server apps. Then, demonstrating key concepts with a real Windows Azure service built and deployed to the cloud, we’ll describe the Windows Azure service model, including concepts like update and fault domains. The session will then conclude by discussing the different service update options and detail the recovery steps Windows Azure follows when it detects that a service or a hardware device has failed.

Inside Windows Azure: The Cloud Operating System

Mark Russinovich goes under the hood of Microsoft’s new cloud OS. Intended for developers who have already gotten their hands dirty with Windows Azure and understand its basic concepts, this session gives an inside look at the architectural design of Windows Azure’s compute platform. You’ll learn about Microsoft’s data center architecture, what goes on behind the scenes when you deploy and update a Windows Azure app and how it monitors and responds to the health of machines, its own components and the apps it hosts.

Channel 9: Mark Russinovich: Windows Azure, Cloud Operating Systems and Platform as a Service

Mark talks about what he’s working on in the Windows Azure team, why the world is moving to the cloud, and what Platform-as-a-Service (PaaS) means and how Windows Azure delivers PaaS.

Windows Internals

Windows 7 Developer Bootcamp: Core Kernel Changes

Mark, Arun Kishan and Landy Wang describe many of the core improvements to Windows that make Windows 7 more reliable, responsive, and scalable than previous versions of Windows. Learn about the kernel dispatcher lock and other parallelization, large page support, memory footprint reduction, NUMA enhancements, and more.

Tech-Ed North America 2011: Mysteries of Windows Memory Management Revealed, Part 1

Tech-Ed North America 2011: Mysteries of Windows Memory Management Revealed, Part 2
If you want to know the difference between System Committed memory and Process Committed memory, wondered what all those memory numbers shown by Task Manager really mean, or want to gain insight into the memory-related impact of a process, then this talk is for you. Watch Mark in this on-demand webcast from North America 2011.

Pushing the Limits of Windows

Watch as Mark explains Windows limits related to object handles, virtual memory and physical memory. Along the way he explains where the limits come from and how to monitor your applications so that you're warned when they approach the limits and so that you can size your systems to accommodate their resource requirements.

Inside Windows Server 2008 R2 Virtualization and VHD Improvements

Mark takes you inside new Windows virtualization and VHD features, including live VM migration, core parking and timer coalescing, hypervisor power management support, and new hardware-assisted guest memory management. He delivers the entire presentation from a Windows installation that was booted from VHD to show you how Windows implements a native VHD stack and how the boot architecture has changed to accommodate booting from VHD images.

Windows Hang and Crash Dump Analysis

Watch the recording of Mark's top-rated TechEd session in this free webcast from Microsoft TechNet. Learn to analyze Microsoft Windows crash dumps, diagnose the cause, pinpoint a solution, and resolve the problem. Intended for system administrators, this webcast explains how system crashes occur and what happens when you reboot a crashed system. Mark leads you through the crash dump analysis process step by step, introducing the latest tools from Microsoft and handy tricks for isolating the cause of a crash.

Channel 9: Mark Russinovich goes Inside Windows 7

Mark talks about kernel changes in Windows 7 and Windows Server 2008 R2, including the removal of the scheduler's dispatcher lock, support for up to 256 CPUs, boot from VHD, MinWin, core parking for power savings and more.

Channel 9: Mark Russinovich: Inside Windows 7 Redux

In a follow-on to the previous Inside Windows 7 discussion, Mark digs into the insides of Windows 7, way deep down in the system (the culmative effects of which help to make Windows 7 Microsoft's most reliable, scalable and efficient general purpose operating system to date).

Channel 9: Mark talks about working at Microsoft, Windows Server 2008's kernel, MinWin vs ServerCore and Hyper-V

Channel 9 chats with Technical Fellow and Sysinternals founder Mark Russinovich to dig a bit into what's new in the Windows Server 2008 kernel. Of course, we talk about many things including HyperV, application virtualization, kernel architecture, and more....

Security

TWC: Pass-the-Hash: How Attackers Spread and How to Stop Them

Pass-the-hash transforms the breach of one machine into total compromise of infrastructure. The publication of attacks, and lack of tools to respond, have forced enterprises to rely on onerous and ineffective techniques. In this session, we deconstruct the PtH threat, show how the attack is performed, and how it can be addressed using new features and functionality recently introduced in Windows.

TWC: Malware Hunting with Mark Russinovich and the Sysinternals Tools

Mark provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. He demonstrates their malware-hunting capabilities by presenting several current, real-world malware samples and using the tools to identify and clean malware.

License to Kill: Malware Hunting with the Sysinternals Tools

This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. You will see demos for their malware-hunting capabilities through several real-world cases that used the tools to identify and clean malware, and conclude by performing a live analysis of a Stuxnet infection’s system impact.

Zero Day: A Non-Fiction View

Mark makes the case for how his hit cyberthriller, Zero Day, is likely to be realized  in non-fiction form in this 20-minute short version of his well-popular RSA Conference session.

Zero Day Malware Cleaning with the Sysinternals Tools

Slides from Mark’s highly-rated Blackhat US 2011 presentation on how to use the Sysinternals tools to hunt down and eliminate malware.

Windows Vista User Account Control Internals

In this TechEd/ITForum session Mark goes inside the various technologies that come under the umbrella name User Account Control (UAC), explaining their role and how the work. Mark concludes with a look at how UAC will affect the evolution of malware.

Channel 9: Mark Talks about Windows Security and Core Architecture

Check out Mark’s Channel 9 interview where he talks about how he got started with Windows internals, new security features in Windows Vista, User Account Control, and what he’s doing at Microsoft.

Defrag Tools

Defrag Tools Shows

Episodes 1 – 12 of the Defrag Tools shows focus on Sysinternals tools. Each episode covers a specific tool used on the tech support show Defrag, covering when and why to use the tools, and providing tips on how to get the most out of them: