Troubleshooting with the New Sysinternals Administrator’s Reference

Aaron Margosis and I are thrilled to announce that the long awaited, and some say long overdue, official guide to the Sysinternals tools is now available! I’ve always had the idea of writing a book on the tools in the back of my mind, but it wasn’t until a couple of years ago that Dave…


The Zero Day Book Trailer

I just got back the finished version of the video trailer for my new cyber thriller Zero Day, which I think came out awesome! It’s not hard to imagine what a Zero Day movie trailer would look like. Let me know what you think. Zero Day Book Trailer


Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3

In the first post of this series, I used Autoruns, Process Explorer and VMMap to statically analyze a Stuxnet infection on Windows XP. That phase of the investigation revealed that Stuxnet infected multiple processes, launched infected processes that appeared to be running system executables, and installed and loaded two device drivers. In the second phase,…


Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 2

In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the Sysinternals tools. I used Process Explorer, Autoruns and VMMap for a post-infection survey of the system. Autoruns quickly revealed the heart of Stuxnet, two device drivers named Mrxcls.sys and Mrxnet.sys, and it turned out that disabling those…


Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1

Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer when I received an email from a programmer that included a driver file, Mrxnet.sys, that they had identified as a rootkit. A driver that implements rootkit functionality is nothing particularly noteworthy, but what made this one…


Zero Day is Here!

I’m excited to announce that my first novel, a cyber thriller entitled Zero Day, is now available at all major book retailers! Zero Day is a book in the style of Crichton and Clancy, weaving technical fact into the story. If you like the Sysinternals tools, the articles I post on this blog, are interested…


The Case of the Unusable System

This post continues in the malware hunting theme of the last couple of posts as Zero Day availability draws near (it’s available tomorrow!). It began when a friend of mine at Microsoft told me that a neighbor of hers had a laptop that malware had rendered unusable and asked if as a favor I’d be…


The Case of the Sysinternals-Blocking Malware

Continuing the theme of focusing on malware-related cases (last week I posted The Case of the Malicious Autostart) as a lead up to the publication on March 15 of my novel Zero Day, this post describes one submitted to me by a user that took a unique approach to cleaning an infection when faced with…


The Case of the Malicious Autostart

Given that my novel, Zero Day, will be published in a few weeks and is based on malware’s use as a weapon by terrorists, I thought it appropriate to post a case that deals with malware cleanup with the Sysinternals tools. This one starts when Microsoft support got a call from a customer representing a…


Announcing Zero Day, the Novel!

You’ve seen the news if you’re my friend on Facebook, follow me on Twitter, or subscribe to the Sysinternals blog: I’m proud to announce that my first novel, a cyberthriller entitled Zero Day, is due to be published by St. Martin’s Press in mid-March. If you like the Sysinternals tools, the articles I post on…