Mark Russinovich is Chief Technology Officer for Microsoft Azure, Microsoft’s global enterprise-grade cloud platform. A widely recognized expert in distributed systems, operating systems and cybersecurity, Mark earned a Ph.D. in computer engineering from Carnegie Mellon University. He later co-founded Winternals Software, joining Microsoft in 2006 when the company was acquired. Mark is a popular speaker at industry conferences such as Microsoft Ignite, Microsoft Build, and RSA Conference. He has authored several nonfiction and fiction books, including the Microsoft Press Windows Internals book series, Troubleshooting with the Sysinternals Tools, as well as fictional cyber security thrillers Zero Day, Trojan Horse and Rogue Code.
Пікірлер
There was an time that malware was signed with Microsoft CERT!
Helloiamron
I started learning computer science since 9 years old. Now I'm 17 and I'm graduating from the school and going on to a system administrator education program. Mark Russinovich was inspiring me into that for the whole last year :)
Woooooow! Just 2 minutes in and I already like the guy.. where have you been all my life😂
Yeah, 2 min. in and I'm going to switch to Linux...
⭐⭐
My phone Micromax Q382 of IMEI-911467754510476 is stolen itis virus but hackers stollen it from my house
Wow Good Job Mark dont know if I said it before since the winternals days but good job then and now.
Great presentation
Next time worry about Ur own life..dnt look so deep into mine...maybe we should start calling u 007
Where's all Ur processors now lol😅😂? Mr know it all
Scareware????is that what u call urself..lol license to kill I don't think so
Yeah no I are the man aren't you...u just know it all ...well done brother...u carry on sitting there ending processes
busy busy busy
data redundancy makes the wiping easier, in particular in enterprise envioments, not for the rest of us mortals storing an epic Ultima VII saved stage for years now🥴😅
Windows is Spyware
Run RKILL and TRON rather then this crap! They automate every step and DON'T require intervention!! Another way for Microshaft to make money! 👎
Hmmm.... yes, yes, occasional viruses and removed them from friends and family, scratches head...that one; Yea, (Rising AV from China) doesn't like sysinternals and reports sysinternals as a virus, rename it to "sinking". I've been using Sysinternals since the 90's. Knowing when to disconnect (ASAP) the virus from the internet, observe its behaviors, find what its trying to connect back to, or its command and control network, its originating ISP's. domain providers or even proxy TOR nets... for firewall or NETBLOCK blacklisting. I usually use AV to see if I missed something. I rarely wipe a system with an edge to preserving an installation, I otherwise sometimes find it more interesting to observe the behaviors of the windows installation process.
tough crowd 😂. mark is a legend 🙌
This was made when Windows 7 was a thing... It would be nice to have an update, with newer tools...
Wow
Awesome!
Could listen to mark talk about windows all day thanx mark
I think i have a wmi malware but its not showing up in autoruns pls halp!
there is a grayed out wmiprvse service in process explorer and it wont let me look at it there is no verification and i saw two fo the same file then one disappeared.
why is this 3 year old video from 2013 😭
its not in cyber you able to modify the date as well
Aapne aur Microsoft waalo ne badiya taalmel baitha raha garib users ko ullu banane ka... One shows real current status of entries and let u enable/disable them but don't let u delete them ..other one can delete but won't show u real current status of entries. Kya chal Raha sarkar yeh gadbad ghotala? 😅 Tabhi aapka tool suite Microsoft ki site e dikhai deta... Kyun? 😂 Secret Employee ho aap unke? Logon ko pharzi pakane ke liye? 😊 Aur woh Virus scare wala aap hi bhejo hoge phir yahan ..no? Haramkhor tons ke hisab se infection bata Raha tha. Humne bhi saale ko side kar diya... 2-3 dino tak dekhis dhyaan nahin de Raha launda... Khude Pak ke bhag gaya! 😅
O mark Bhai saheb... Why your Autorun showing entries as already checked those entries are actually disabled in registry. Can't your Autorun can verify current status of that entry? Taskmanager says they are disable. But your Autorun showing them all checked mark entries. Kuch najre saani kijiye ish garib ki problem pe bhi. Matlab aapne itna lamba choda video dikha Diya Gyan ka aur humne phir khusi khusi Autorun chala Diya aapka... Aur woh toh sab ko keh Raha enable. 😊
It's from 2013 - 10 yrs late | I wanted somthiing from 2023
pretty neat fun.... Dave Plummer must have had a hand in this latest incarnation 👏
why this n*ga not using the better task manager that he developed?
cuz Microsoft
What's the model of FPGA?
There is no GPU? Not even an iGPU? How is windows doing rendering? Software rendering?
I think you can deactivate internal GPU and Windows still working.
RDP
They are using each cpu there as a pixel of sorts and then loading them, in a pattern, so that it produces a very low res image of sorts in task manager. It's a great way to show off that they have so many cpus.. by the way software rendering back in the 90s was faster than this. Software rendering nowadays for simple windows UI would probably be indistinguishable from GPU speedwize, if the compositor is well written.
Super Mega Godzilla Beast 😂
Task Manager needs more refreshing speed
Could you please point us to the documentation..
This is awesome
Legend ❤
First case beginning: 19:50.
LMAO... Donald Trump uses CAPSLOCK all the time.
So a piece on media/tech that is safe for Linus to handle!
Good one! 😂
@@americafirst1st7 i was afraid someone had already said the joke.
What's the buddy system?
It’s when the malware has multiple files that help one another when you try to kill it on process explorer I believe, he mentioned it in another way. For example, you have an unverified win.exe image and then you choose to kill it, when you do that his buddy steps up in his place , this will keep happening until you know the root cause and eliminate the threat. Mark mentioned that instead of killing the malware you put it to sleep “suspend” it until you fully deal with it. Hope that makes sense
Looks like a hard-boiled detective. How to understand the chaos of events and the web of processes.
But what color was the bug check?
At 26:00, your malware is so bad it is detected just by looking similar to other malware even though you haven't even published it as you say. Also all the malware you examine are super obvious, you make absolutely no effort to analyze something that tries to evade detection. Also everything you say is completely useless if you don't already know beforehand the name of the malware that exists on your pc.
The video has educational purposes dude, calm down.
Thanks for sharing! it looks like a stand-up comedy routine, a really fun and insightful look :) thanks for the sysinternals toolkit, it has saved us innumerable hours of headscratching
Agree, 13 years later and it still applies. Amazing, and an amazing presentation. Tried to use the tools, looking for a solution. Got here, because: My problem is to fix (reinstall) Firewall (with BFE, no end point mappers, now ok),. Firewall getting to Start Pending. Blue screen if service killed. Unfortenatey too deep in the OS now. Worst it is a Core server, 2019 so no troubleshooters works. Cannot stop service, not allowed. Cannot kill, then blue screen. Then I'm stuck on fixing it. Whish I had half of this knowledge. Then probably solved.
. @kimnilsson7501 Are there any new features used in your server that were not available in 2016? If not, then downgrade to 2016. I did this with different software. And work became more predictable, and life became spicier. At least you can make a clone for 2016 and see the difference in behavior.
great video, i just wish it weren't so blurry... Anyone have a fixed version? Maybe one that's been run through a Deblurring AI model?
very, VERY K00L
Yeah that is super annoying.
When will this be available in azure? I’m assuming this will make azure backup redundant? Will all vms get this capability
Can you include a link to your full talk?
I'd love to find out more on Hyperlight are there any links, previews etc. that anyone can share?
The possibility of using GPU for other type of workloads, Infinite! Now the question is how to mass produce efficient GPU's which are energy and business efficient for the masses.