Microsoft.com Operations Team Blog
-
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3
In the first post of this series , I used Autoruns , Process Explorer and VMMap to statically analyze a Stuxnet infection on Windows XP. That phase of the investigation revealed that Stuxnet infected multiple processes, launched infected processes that...(read more)
-
The Zero Day Book Trailer
I just got back the finished version of the video trailer for my new cyber thriller Zero Day , which I think came out awesome! It’s not hard to imagine what a Zero Day movie trailer would look like. Let me know what you think. Zero Day Book Trailer...(read more)
-
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 2
In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the Sysinternals tools. I used Process Explorer , Autoruns and VMMap for a post-infection survey of the system. Autoruns quickly revealed the heart of Stuxnet...(read more)
-
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1
Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer when I received an email from a programmer that included a driver file, Mrxnet.sys, that they had identified as a rootkit. A driver that implements rootkit...(read more)
-
Zero Day is Here!
I’m excited to announce that my first novel, a cyber thriller entitled Zero Day , is now available at all major book retailers! Zero Day is a book in the style of Crichton and Clancy, weaving technical fact into the story. If you like the Sysinternals...(read more)
-
The Case of the Unusable System
This post continues in the malware hunting theme of the last couple of posts as Zero Day availability draws near (it’s available tomorrow!). It began when a friend of mine at Microsoft told me that a neighbor of hers had a laptop that malware had rendered...(read more)
-
The Case of the Sysinternals-Blocking Malware
Continuing the theme of focusing on malware-related cases (last week I posted The Case of the Malicious Autostart ) as a lead up to the publication on March 15 of my novel Zero Day , this post describes one submitted to me by a user that took a unique...(read more)
-
The Case of the Malicious Autostart
Given that my novel, Zero Day , will be published in a few weeks and is based on malware’s use as a weapon by terrorists, I thought it appropriate to post a case that deals with malware cleanup with the Sysinternals tools. This one starts when Microsoft...(read more)
-
The Cases of the Blue Screens: Finding Clues in a Crash Dump and on the Web
My last couple of posts have looked at the lighter side of blue screens by showing you how to customize their colors. Windows kernel mode code reliability has gotten better and better every release such that many never experience the infamous BSOD. But...(read more)
-
Announcing Zero Day, the Novel!
You’ve seen the news if you’re my friend on Facebook , follow me on Twitter , or subscribe to the Sysinternals blog : I’m proud to announce that my first novel, a cyberthriller entitled Zero Day , is due to be published by St. Martin’s Press in mid-March...(read more)