Sysinternals 20th Birthday Seminar/Party, June 16th 2016

Event Sponsors:

On June 16th  2016 Win-Fu training is proud and honored to host the 20th Birthday Party for the most important toolset for every Admin out there: Sysinternals!!

We are offering a one day highly technical seminar with the best speakers in the World and a PARTY that will not be forgotten! This also happens to be the time of the year to enjoy Helsinki as the sun practically never goes down and the country is at its most beautiful.

Event agenda at a glance:

  • Mark Russinovich – Welcome to the Sysinternals 20th Birthday Party! (Online)
  • Aaron Margosis – Keynote
  • Paula Januszkiewicz – Sysmon
  • Tim Mangan – Process Monitor
  • Brian Catlin – Process Explorer
  • Daniel Pearson – LiveKd, ProcDump and NotMyFault
  • Mikko Järvinen & Petri Paavola – Troubleshooting Extravaganza
  • Sysinternals 20th Birthday PARTY! Cake, drinks, activities, prizes, presentations and networking!

Event duration: June 16th  2016 8:00AM – 11:30PM

Price: Until end of March the Early Bird price is 299€ (VAT 0%) and after that it’s 499€ (VAT 0%)

Venue: Messukeskus, Helsinki, FINLAND

You can attend online via Skype as well!

Buy your ticket here!


About our speakers:


Mark Russinovich

Mark Russinovich is Chief Technology Officer of Microsoft Azure, Microsoft’s cloud platform. He is a widely recognized expert in distributed systems and operating systems. Russinovich is the author of three cyberthrillers, Zero Day, Trojan Horse and Rogue Code, co-author of the Microsoft Press Windows Internals books, and co-author of the Sysinternals Administrator’s Reference. He also authors and publishes the Sysinternals tools, which include dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft TechEd, RSA Conference, BlackHat and BUILD.




Aaron Margosis

Aaron Margosis is a Windows nerd, focusing mostly on security, least privilege, and application compatibility. A frequent presenter, he is co-author with Mark Russinovich of the Sysinternals Administrators Reference (MS Press, 2011) and an active participant in the development of Microsoft’s official security guidance. He has published a number of useful tools over the years, including MakeMeAdmin, LUA Buglight, IE Zone Analyzer, LGPO (Local Group Policy Object utility) and Policy Analyzer. Aaron joined Microsoft Services in 1999, where he works with security-conscious customers.


6T5A7910 (3)Paula Januszkiewicz

Paula Januszkiewicz is an IT Security Auditor and Penetration Tester, Enterprise Security MVP and trainer (MCT) and Microsoft Security Trusted Advisor. She is also a top speaker at many well-known conferences including TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays, CyberCrime. Last year she was rated as number one speaker at MS Ignite – the biggest Information Technology conference!  Paula is engaged as a keynote speaker for security related events and she writes articles on Windows Security. She drives her own company CQURE, working on security related issues and projects. Paula has conducted hundreds of IT security audits and penetration tests, including those for governmental organizations. Her distinct specialization is definitely on Microsoft security solutions in which she holds multiple Microsoft certifications, besides being familiar with and possessing certifications in other related technologies. Paula is passionate about sharing her knowledge with others. In private, she enjoys researching new technologies, which she converts to authored trainings. She wrote a book about Threat Management Gateway 2010, and is working on her next book. She has access to a source code of Windows! Every year she makes over 200 flights (2015 – 248) to gain more and more experience, provide penetration tests and consult Customers about how to secure their infrastructures.’

TimTim Mangan

A part-time developer, Tim is an independent consultant running his own training and consulting company, TMurgent Technologies.  Known all over the world as “the Godfather of Microsoft App-V”, he was responsible for creating the original version while at Softricity (later acquired by Microsoft).  He speaks at may conferences internationally, both on App-V and a series he calls “Inside the OS” where he digs deep into how the OS operates with demonstrations using both SysInternals and his own tools.





183325336Brian Catlin

Brian Catlin is an expert in Windows internals, device driver, and forensics, with more than 30 years of experience consulting and teaching. He is a co-founder of Azius Developer Training, which Microsoft uses to train their own developers and support teams, as well as their government customers world-wide. Brian is a gifted speaker, and has presented at dozens of conferences around the world. His knowledge and experience have been recognized by Microsoft, which makes him an MVP for device drivers every year. As a consultant, in addition to device drivers and forensic work, Brian uses his background in software, electrical, and mechanical engineering to design large complex systems, such as application-specific integrated circuits (ASICs), military command centers, and autonomous robotic systems.



183325336Daniel Pearson

One of the world’s greatest troubleshooters and a contributing author of NotMyFault!






mikko_jarvinen_250x300Mikko Järvinen

Mikko has over 15 years of experience in software deployment with Configuration Manager and GPO, msi repackaging, WiX Toolset, scripting, Windows deployment, problem solving using Sysinternals and other tools, Windows print services and general server and client administration. Mikko is a team leader of desktop services team at the IT Services of the University of Turku, Finland. Mikko is a Microsoft MVP in Cloud and Datacenter Management.




Petri_Paavola-250x250Petri Paavola

Petri has over 16 years of experience in workstation and domain environments from small companies to big Enterprise environments. Petri is responsible for Aalto University’s workstation service (over 8000 Windows, Linux and Mac) where troubleshooting skills are tested periodically. Petri’s own company Yodamiitti enables him also to work with other companies. Petri is a Microsoft MVP in “Windows for IT” for 6th year now and he’s frequently seen speaking in Finnish conferences.




Our conference chair Sami Laiho is to blame for organizing the event. Sami focuses on delivering an event such that has never been experienced before. The event was planned by the following principles:

1. Best speakers in the world

2. Most entertaining speakers in the world – If you fall a sleep because of our speakers you get your money back!

3. No sponsor sessions – You get what you pay for and no marketing pitches to listen to

4. Stuff that you can take home and apply instantly

5. Working logistics




Detailed agenda:


08.00-08:30      Coffee and light breakfast

08.30-08.45      Mark Russinovich – Welcome to Sysinternals’ 20th birthday!

08.45-09.45      Aaron Margosis – KEYNOTE

Keynote by the author of  Windows Sysinternals Administrator’s Reference

09.45-10.05      Coffee break

10.05-11.20     Paula Januszkiewicz The Ultimate Monitoring Guide: Keeping the Sysmon Ear to the OS Ground

Today (when this abstract is written) another Customer have been attacked by the CryptoLocker. Not only they have not implemented code execution prevention but they did not have any detailed monitoring about what executes on servers or workstations! System Monitor (Sysmon) is a utility that can track malicious activity on individual computers and across a network. After installation of Sysmon OS life can be divided into two phases: poor life before and informative life after! The usage simplicity and possibility to supply SIEM systems with logs makes Sysmon the tool that is implemented in companies ranging from enterprises to small ones. You can configure which events to capture at a granular level, track process creation and termination; the loading of kernel drivers, DLLs, network connections and changing of file creation timestamps. Sysmon can also log the digital signatures of files that are loaded. That’s a lot! But there is even more! Join Paula, security expert to learn how to put Sysmon into practice and how to do it on the large scale!

11:20-12:20      Lunch

12.20-13.35      Tim Mangan – Process Monitor

Process Monitor is a tool that we all use, but nobody ever teaches you how to use it properly.  In this session we’ll go through a ProcMon 101 class that covers the basics of how you should use it, and then dive into the details of how it works.  I’ll use some real-world examples from my world of debugging virtualized applications in Microsoft App-V, and show some not exactly documented ways to use the tool to perform acts like isolating driver bugs to a particular vendor.

13:35-13:55      Coffee break

13.55-15.10      Brian Catlin – Everything you ever wanted to know about Process Explorer, but didn’t know whom to ask

The Process Explorer tool is one of the most powerful – and popular – tools for examining the behavior of Windows systems. This session, taught by a Windows internals expert, will teach you about the multitude of features present in the tool, and how those features relate to Windows’ internal data structures and operation. We will teach you how to configure Process Explorer to use the Microsoft symbol server, which is necessary to examine thread stacks to determine what a thread is doing. Using this knowledge, we will use Process Explorer to determine which threads and services are consuming the most CPU time in a heavily loaded system. We will use Process Explorer to examine the Windows security structures to learn how integrity levels are implemented in Windows, and how the Internet Explorer sandbox protects your system. Process Explorer is a great tool for solving day-to-day Windows annoyances, such as finding out which process has a handle open to a file that you’re trying to delete, or which program is consuming too much system memory.

15:10-15:30      Break


15:30-16.15      Daniel Pearson – LiveKd, ProcDump and NotMyFault

Session about LiveKd, ProcDump and NotMyFault by one of the contributing authors of the last one.

16:15-16:30      Break

16:30-17.30      Mikko Järvinen & Petri Paavola – Troubleshooting Extravaganza

Case studies, tips and tricks on how to use Sysinternals tools for troubleshooting.

19:00-23.00      PARTY! Nightclub at the City Center, over the roofs!


Price of the event: 499€ (VAT 0%) – Early Bird until end of March: 299€ (VAT 0%)

Included in the price:

  • Ticket to the event
  • Breakfast, Lunch, Coffee, Snacks, Party
  • Parking
  • Cloakroom services


Venue: Messukeskus, Helsinki, FINLAND

Space is extremely limited and we encourage everyone to act fast!

To buy a ticket please click the link below:

Buy your ticket here!


Why to attend? Do you need to convince your boss?

  • Finland is the least corrupted country in the world and the best place to enjoy a conference/party at. This time of the year it’s summer and almost endless daylight for you to enjoy. It couldn’t be easier and more Fun than this!
  • Sysinternals has helped everyone of us for the past two decades and keeps on being the most important toolset for everyone.
  • There’s no better ROI than this event offers. How many times have you wondered about the varying levels of sessions and speakers in an event? We’ve made sure that you don’t have to worry about it.
  • No need to choose tracks. This event is a one track success story – We’ve decided for you!
  • Not all can travel to US for Microsoft Ignite (previously TechEd)
  • The content is pre-picked to fit our customers. Our Conference Chair Sami Laiho has made sure of that. Sami is also very picky on the entertainment value of speakers – Expect to be learning a lot while enjoying it!
  • All speakers are among the best evaluated speakers anywhere in the world.

What about a hotel to stay in?

I’d stay in city center and take the train for one stop (bus and tram work as well) to the venue. If you want to stay near to the venue the place is called “Pasila”. The venue hotel is called “Holiday Inn Messukeskus”. There’s nothing to see in Pasila so I’d head for the city center anyway 🙂

  • Mr. Administrators list
    • Scandic Simonkenttä” is a very nice hotel and in the middle of everything
      • I’d probably go there myself – Good but not overly expensive
    • Hotel Kämp
      • Most expensive and luxurious in Helsinki
    • Scandic Paasi
      • Cool, “different”, good price for the money but not as conveniently located
    • Hilton Strand
      • US service, nice scenery but a bit further away