Zero Day Malware Cleaning with the Sysinternals Tools

Black Hat USA 2011

Presented by: Mark Russinovich
Date: Thursday August 04, 2011
Time: 10:00 - 12:30
Location: Milano V - VIII
Track: Applied Knowledge Workshop Alpha

Learn how to analyze and clean zero-day malware using the Sysinternals tools directly from their author, including Process Monitor, Process Explorer, and Autoruns. By enabling deep inspection and control of processes, file system and registry activity, and autostart execution points, these utilities are useful for everything from day-to-day computer maintenance to advanced system and application troubleshooting. The tools are especially effective for malware analysis and cleaning, so much so that malware commonly tries to prevent their execution. Mark focuses on the features useful for malware hunting, demonstrates their capabilities by presenting real-world cases of the tools being used to identify and clean malware, and concludes with a live analysis of the infamous Stuxnet worm.
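As an added illustration of the autostart and activity-tracing workflow the abstract describes (this is example code written for this page, not material from the workshop or from Sysinternals), the following PowerShell script runs the console versions of two of the tools named above. It assumes the Sysinternals binaries live in C:\Tools\Sysinternals (an assumed path) and uses only documented switches: autorunsc.exe's -a * (all entry types), -c (CSV output), -s (verify digital signatures), -h (file hashes), and procmon.exe's /AcceptEula, /Quiet, /Minimized, /BackingFile and /Terminate. The triage rule, flagging every autostart entry whose Signer field is not prefixed "(Verified)", is a starting heuristic for review, not a verdict.

```powershell
# Added example: triage autostart execution points with autorunsc, then
# capture a short Process Monitor trace for later review.
# Assumptions: Sysinternals tools unpacked to C:\Tools\Sysinternals,
# script run from an elevated PowerShell session.

$ToolDir   = 'C:\Tools\Sysinternals'          # assumed install location
$Autorunsc = Join-Path $ToolDir 'autorunsc.exe'
$Procmon   = Join-Path $ToolDir 'procmon.exe'

function Get-UnverifiedAutoruns {
    # autorunsc emits UTF-16 text when writing CSV; tell the console so
    # PowerShell decodes the captured output correctly.
    [Console]::OutputEncoding = [System.Text.Encoding]::Unicode

    # -a *  : every autostart category (logon, services, drivers, WMI, ...)
    # -c    : CSV to stdout   -s : check Authenticode signatures
    # -h    : include file hashes for later lookup
    $rows = & $Autorunsc -accepteula -nobanner -a * -c -s -h | ConvertFrom-Csv

    # Autoruns reports the signer as "(Verified) <name>" or "(Not verified) <name>".
    # Anything not verified is worth a closer look; an empty image path means the
    # referenced file is missing, which is also common with sloppy infections.
    $rows | Where-Object {
        ($_.Signer -notmatch '^\(Verified\)') -and ($_.Enabled -eq 'enabled')
    } | Select-Object 'Entry Location', Entry, 'Image Path', Signer, 'Launch String', MD5
}

function Start-ProcmonCapture {
    param(
        [string]$BackingFile = (Join-Path $env:TEMP 'capture.pml'),
        [int]$Seconds = 60
    )
    # Write events straight to a backing file rather than the paging file so a
    # crash or reboot does not lose the trace. /Quiet suppresses the filter
    # dialog; /Minimized keeps the UI out of the way.
    & $Procmon /AcceptEula /Quiet /Minimized /BackingFile $BackingFile
    Start-Sleep -Seconds $Seconds
    # /Terminate asks the running instance to stop and flush the log.
    & $Procmon /Terminate
    return $BackingFile
}

# Usage: list suspicious autostarts, then trace system activity for a minute.
Get-UnverifiedAutoruns | Format-Table -AutoSize
$Trace = Start-ProcmonCapture -Seconds 60
Write-Host "Process Monitor trace saved to $Trace (open with procmon.exe /OpenLog)"
```

Run the autoruns pass first and compare the flagged image paths against the parent processes seen in the Process Monitor log; an unsigned binary that both autostarts and writes to other processes' registry keys or executables is the pattern the talk's cases turn on. Note that a rootkit hiding its files or keys will not show up in this list, which is why the abstract pairs the autostart view with live process and activity inspection.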

Mark Russinovich

Mark Russinovich is a Technical Fellow in the Windows Azure group at Microsoft working on Microsoft's datacenter operating system. He is a widely recognized expert in Windows operating system internals as well as operating system security and design. He is author of the recently published cyberthriller Zero Day, co-author of the Microsoft Press Windows Internals books, and co-author of the forthcoming Sysinternals Administrator's Reference. Russinovich joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences including Microsoft's TechEd, WinHEC, and Professional Developers Conference.

