Past Meetup

Cloud Focus Group: Joint CSA & ISSA Special Cloud Security Event for Puget Sound

This Meetup is past

48 people went


This special event is hosted by Microsoft at the Commons on Microsoft's Redmond Campus. Attendance is open to anyone with an interest in information security. Attendance is free, but please register:

Trojan Horse: Nation-state use of Cybertechnology for Attack and Espionage, Mark Russinovich, Technical Fellow, Microsoft

Memory Analysis with Volatility for Forensics and Incident Response, Russ McRee, Director, Microsoft

Attendance is free, but please register:

Additional Information (Abstracts, Bios):

Trojan Horse: Nation-state use of Cybertechnology for Attack and Espionage, Mark Russinovich

Learn how governments including the U.S., Russia, China and Iran, use cyberspace as a theater of cyber warfare and espionage. Understand the trends and where escalation may lead. This talk gives a brief history of significant events in the history of cyberattacks, describes the common ways attackers penetrate and spread throughout a target network, and concludes with a look at the cyber policies and motivations of several nation-states.

Mark will be signing copies of his cyberthrillers, “Trojan Horse” and “Zero Day”, as well as his reference guides: "Sysinternals Admin Reference" and "Windows Internals Part 1" and “"Windows Internals Part 2" (check or cash). To reserve your copy, please RSVP at:


Mark Russinovich is a Technical Fellow in the Windows Azure Group at Microsoft working on Microsoft’s cloud platform. He is a widely recognized expert in operating systems, distributed systems, and cybersecurity. Russinovich is the author of two cyberthrillers, Zero Day and Trojan Horse, co-author of the Microsoft Press Windows Internals books, and co-author of the Sysinternals Administrator’s Reference. He joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where still he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft's Tech•Ed, RSA Conference, BackHat, and BUILD.

Memory Analysis with Volatility for Forensics and Incident Response, Russ McRee

This discussion will cover the complete life cycle of memory acquisition and analysis for forensics and incident response, using Volatility. Volatility has been referred to as the Python version of the Windows Internals book, given how much can be learned about Windows by reviewing how Volatility enumerates evidence. We'll conduct real-time analysis and examine Volatility's plug-in capabilities.

The Volatility project shortens the amount of time it takes to put cutting-edge research into the hands of practitioners, while encouraging and pushing the technical advancement of the digital forensics field. Join us and learn more about this outstanding tool.


Russ McRee directs the Security Incident Management and Attack & Penetration testing teams for Microsoft’s Online Services Security & Compliance organization. He writes toolsmith, a monthly column for the ISSA Journal, and has written for numerous other publications including Information Security and Linux Magazine. Russ also speaks regularly at events such as RSA, DEFCON, and Black Hat, and is a SANS Internet Storm Center incident handler. His work includes service in the Washington State Guard as the Cybersecurity Advisor to the Washington Military Department.