Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1

Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer when I received an email from a programmer that included a driver file, Mrxnet.sys, that they had identified as a rootkit. A driver that implements rootkit functionality is nothing particularly noteworthy, but what made this one…


Zero Day is Here!

I’m excited to announce that my first novel, a cyber thriller entitled Zero Day, is now available at all major book retailers! Zero Day is a book in the style of Crichton and Clancy, weaving technical fact into the story. If you like the Sysinternals tools, the articles I post on this blog, are interested…


The Case of the Unusable System

This post continues in the malware hunting theme of the last couple of posts as Zero Day availability draws near (it’s available tomorrow!). It began when a friend of mine at Microsoft told me that a neighbor of hers had a laptop that malware had rendered unusable and asked if as a favor I’d be…


The Case of the Sysinternals-Blocking Malware

Continuing the theme of focusing on malware-related cases (last week I posted The Case of the Malicious Autostart) as a lead up to the publication on March 15 of my novel Zero Day, this post describes one submitted to me by a user that took a unique approach to cleaning an infection when faced with…