Malware hunting with the Sysinternals tools
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Malware hunting with the Sysinternals tools | |
|---|---|
| Botnet | Stuxnet |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / North America 2012 |
| Editor/Conference | MSDN |
| Link | http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302 channel9.msdn.com (channel9.msdn.com Archive copy) |
| Author | Mark Russinovich |
| Type | |
Abstract
“ This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. Mark Russinovich demonstrates their malware-hunting capabilities by presenting several real-world cases that used the tools to identify and clean malware, and concludes by performing a live analysis of a Stuxnet infection’s system impact.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1145,
editor = {MSDN},
author = {Mark Russinovich},
title = {Malware hunting with the Sysinternals tools},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2012},
howpublished = {\url{http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302 channel9.msdn.com}},
}