Mitigating "Pass the Hash"…

Microsoft’s Trustworthy Computing (TWC) has just published a whitepaper, Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques, of which I am a co-author.  It discusses PtH attacks against Windows operating systems, how the attack is performed, and recommends mitigations for PtH attacks and similar credential theft attacks.  You can download it from the link…


Using NTFS Junctions to Fix Application Compatibility Issues on 64-bit Editions of Windows

Executive Summary: This paper describes a simple way to mitigate some types of application compatibility problems with legacy applications installed on 64-bit editions of Windows Vista and newer, including Windows 7 and Windows 8. The technique relies on creating an NTFS junction or symbolic link, effectively “joining” two otherwise separate directory structures. The paper provides…


LUA Buglight 2.2 with support for Windows 8

Announcing the release of LUA Buglight 2.2, including support for Windows 8. LUA Buglight is an interactive utility that identifies admin-permissions issues (“LUA bugs”) in desktop applications.  Version 2.2 (attached to this blog post) adds support for Windows 8 and continues support for Windows XP, Vista, and 7, and all corresponding server platforms. Many legacy applications…


The Sysinternals book is available in Russian!

The Windows Sysinternals Administrator’s Reference that I co-authored with Mark Russinovich is now available in Russian!


Quoted by Raymond Chen!

It’s one thing to have one’s name associated with Mark Russinovich, but quite another to be quoted by Raymond Chen.  I’m absolutely thrilled that Raymond quoted me in his Windows Confidential column in this month’s TechNet Magazine.  This month’s column came about from internal email discussions about customers’ requests for official published Microsoft documentation about…


"Defrag Tools" – a new Channel 9 series (that will talk a lot about Sysinternals utilities)

My colleague and debug super-guru Andrew Richards sent this announcement out earlier today: Larry Larsen, Andrew Richards and Chad Beeder are pleased to announce our new Channel 9 show called Defrag Tools. Each week, the show dives deep into a support tool – how to get it, how to configure it, how to…


TSSessions utility

Part of my Sysinternals Primer: Gems presentation at TechEd last month covered the topics of terminal services sessions, window stations and desktops.  To illustrate the concepts, I used a utility I wrote called TSSessions.  As promised, I have attached that utility (with source) to this blog post. TSSessions reports four sets of information: The TS session,…


From TechEd: Legacy Web App Issues, Sysinternals Gems, webcast with Mark Russinovich

The two sessions I delivered at TechEd this year are now available online, as is the recording of my live Channel 9 webcast with Microsoft Technical Fellow (and my co-author) Mark Russinovich from TechEd Europe.  And as I promised attendees of my Sysinternals talk, the TSSessions utility I wrote to enumerate terminal services sessions, window stations and desktops…


Legacy Web App Security and Sysinternals at TechEd North America + Europe 2012

I’m presenting a couple of sessions at TechEd North America 2012 in Orlando (June 11-14) and at TechEd Europe 2012 in Amsterdam (June 26-29). The first session is “Sysinternals Primer: Gems”, the latest in the Sysinternals Primer series (*). In the latest edition of the popular Sysinternals Primer series, join Aaron (Mark Russinovich’s co-author of…


Interviewed about the Sysinternals book on Let’s Talk Computers

Let’s Talk Computers ranks as one of the longest-running computer radio talk shows. I enjoyed it recently when they interviewed me about the Windows Sysinternals Administrator’s Reference.  They published Part 1 of that interview on March 3.  Check it out here: