Uncategorized »

My Sessions at RSA Conference US 2014

January 3, 2014 | post a comment | Mark Russinovich

I’m excited to announce that for the third year I’ll be presenting at RSA Conference US, the largest cybersecurity conference in the world. Like the previous two conferences, I’m delivering a talk in the Industry Experts track, this time on cloud security. I’m also delivering a technical session on the Pass-the-Hash (PTH) threat and how corporations can defend themselves against it, including by leveraging new PTH mitigations available in Windows 8.1 and Windows Server 2012 R2. I’ll of course also be doing a book signing for my novels Trojan Horse and Zero Day. Rogue Code, the third book in the Jeff Aiken series, won’t be out until May.

Here are the session abstracts and times and below them a link to the conference’s full session list.

HTA-W03 Pass-the-Hash: How Attackers Spread and How to Stop Them
Wednesday, February 26, 2014 | 10:40am – 11:40am
Pass-the-hash transforms the breach of one machine into a total compromise of infrastructure. The publication of attacks and lack of tools to respond have forced enterprises to rely on onerous and ineffective techniques. In this talk, we will decompose the PtH threat, show how the attack is performed and how it can be addressed using new platform technologies in Windows 8.1.

EXP-R01 Public Cloud Security: Surviving in a Hostile Multitenant Environment
Thursday, February 27, 2014 | 8:00am – 9:00am
The rise of public cloud computing has brought with it a new set of security and data privacy considerations that are not widely understood. This session will describe public cloud hoster and customer threat models and explain the role in those models of encryption-at-rest, encryption-in-flight and other security best practices.

RSA Conference full session list.

Interview »

Clash of the Titans! Inside Microsoft’s Battle to Foil the NSA

December 29, 2013 | post a comment | Mark Russinovich

Revelations about the expansiveness of the NSA’s data collection operations have raised the question of whether US companies like Microsoft, Google, Facebook and others voluntarily put back doors into their software for the NSA or give the NSA unfettered access to customer data. Several weeks ago Microsoft published an official statement on its relationship with the NSA that unequivocally states that Microsoft only shares customer data when required to comply with legal requests and whenever possible notifies targeted customers when it does so. You can read the blog post here:

Microsoft: Protecting Customer Data From Government Snooping

A couple of weeks later WIRED interviewed me on the subject and I reiterated Brad Smith’s comments, explained how a cloud business requires customer trust and discussed the approach Windows Azure takes to secure customer data:

Clash of the Titans! Inside Microsoft’s Battle to Foil the NSA


About the book, Movie »

Jeff Aiken Series Movie Options Sold!

July 21, 2013 | post a comment | Mark Russinovich

I’m thrilled to announce that I’ve sold the movie options for the Jeff Aiken series (Zero Day, Trojan Horse, and the forthcoming Rogue Code)! The buyer has produced several major films and believes in the importance and timeliness of the subject matter. Work on the first movie is starting immediately with the writing of a screenplay and I’ve been signed on as a technical consultant to ensure that the movie is technically accurate. I’ll share more information here as the movie develops.

Cleaning malware »

Learn how to Hunt Down and Kill Malware

June 16, 2013 | post a comment | Mark Russinovich

You’re probably the IT help desk for your family and friends, and might even have an IT role at your company. Malware is a fact of life and learning how to identify, neutralize and clean it off infected systems can save the time and money of reimaging systems, reinstalling software and restoring data. Even if you decide to reimage a system, having some understanding of malware’s operation can give you confidence that it hasn’t spread to other systems in your network.

In this top-rated session from Microsoft’s TechEd US conference last week, I teach how to use my Sysinternals tools, including Process Explorer, Autoruns and Process Monitor, as well as some tips and techniques targeted at malware, to analyze and eradicate today’s common strains.  You’ll see me use the tools to identify and remove ransomware, fake security software, and even look under the hood at Flame, the cyberweapon that was found last year in Iran and believed to be part of the Stuxnet program of cyberwarfare. With what you learn, you’ll be on the way to becoming a malware cleaning hero.

About the book, Interview »

Government Technology Profile Article

May 27, 2013 | post a comment | Mark Russinovich

Government Technology has published a nice profile of me and my fiction, discussing how Zero Day and Trojan Horse both reflect the reality of the cybersecurity landscape. It includes excerpts from an interview I did for them that explain what motivated me to try my hand at fiction and my experience with the writing process. Check it out:


Trojan Horse »

Executive Order on Improving Critical Infrastructure Cybersecurity

February 13, 2013 | 1 Comment | Mark Russinovich

President Obama highlighted the need for cybersecurity in his 2013 State of the Union Address:

America must also face the rapidly growing threat from cyber attacks.

Now, we know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.

We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy. That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information-sharing and developing standards to protect our national security, our jobs, and our privacy.

But now — now Congress must act, as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks. This is something we should be able to get done on a bipartisan basis.

The same day he issued an executive order aimed at information sharing with private industry to improve the cybersecurity of our national critical infrastructure systems.


Interview, Trojan Horse, Zero Day: A Novel »

Interview with From End to Edge

February 13, 2013 | post a comment | Mark Russinovich

Check out how I came up with the titles to my novels and my view on cloud security in this From End to Edge interview with Yuri Diogenes and Tom Shinder:


Trojan Horse, Zero Day in the news »

Chinese Hackers Breach NY Times

January 30, 2013 | post a comment | Mark Russinovich

In a story that reads like it came straight out of Trojan Horse, the NY Times announced today that it has been infiltrated by Chinese hackers in a campaign that ran over the last several months since the Times readied a story on the corruption of a Chinese official:

Hackers in China Attacked The Times for Last 4 Months


Speaking events, Trojan Horse »

My Sessions at RSA Conference US 2013

December 22, 2012 | 1 Comment | Mark Russinovich

I’m excited to announce that I’m delivering two sessions at the prestigious RSA Conference on cybersecurity, which takes place in San Francisco from February 25 to March 1. One is Malware Hunting with the Sysinternals Tools, where I teach you how to use several of my popular Sysinternals utilities, including Process Explorer, Process Monitor and Autoruns, to diagnose and clean malware infections. The theme of my second talk, Trojan Horse: The Widespread Use of International Cyber-Espionage as a Weapon, is obviously aligned with that of my novel Trojan Horse.

Here are the session abstracts and times and below them a link to the conference’s full session list.

HTA-R32 – Malware Hunting with the Sysinternals Tools 
Thursday, February 28 09:20 AM – 10:20 AM
This session will provide an overview of several Sysinternals tools, including Process Monitor, Process Explorer and Autoruns, focusing on features useful for malware analysis and removal. We will demonstrate malware-hunting capabilities by presenting several real-world cases that used the tools to identify and clean malware, and conclude by performing a live analysis of current malware samples.

EXP-R35 – Trojan Horse: The Widespread Use of International Cyber-Espionage as a Weapon
Thursday, February 28 01:00 PM – 2:00 PM
Learn how governments including the U.S., Russia, China and Iran, use cyberspace as a theater of cyber warfare and espionage. Understand the trends and where escalation may lead.

RSA Conference full session list.


Operation Desolation »

Winners of the Operation Desolation Cybersecurity Quiz Giveaway

November 18, 2012 | post a comment | Mark Russinovich

I’m pleased to announce the winners of the Operation Desolation Cybersecurity Quiz book giveaway. The competition was strong, with over 700 submissions and many perfect scores. The five winners drawn randomly from the top-scorers are:

  • Jason Stangroome
  • Lee Pillay
  • Kevin Brice
  • Steven Alexander
  • Sajen Jose


Even if you didn’t take the quiz in time to enter the contest, the quiz is still available for you to test your cybersecurity knowledge.

About Mark

Mark Russinovich works at Microsoft in the Windows Azure product team as a Technical Fellow, Microsoft’s senior-most technical position.

Recent Press & News

Mark teaches you how to identify and clean malware off your PCs in this on-demand video: Malware Hunting with the Sysinternals Tools.

Publisher's Weekly reviews Trojan Horse and says:
"Russinovich makes the technical lingo easy to understand as he successfully builds an exciting thriller"