@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the link below if you'd like.
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Posts by Debugger
Just posted a write-up on a DC hang traced to a deadlock inside LSASS. I break down call stacks, the blocked threads, and how doing LDAP work in DllMain triggered the issue. medium.com/@Debugger/se...
Interesting memory dump analysis in WinDbg. I think it's very useful not to show only the "golden path" to the solution!
To be honest, I can't believe I missed this. The !analyze -v command was already pointing to the driver as the cause, but I ignored it. I guess I'll have to double-check more carefully next time, but I'm satisfied with the analysis I've done. 😅
Of course the private symbols are not available, so the ETW traces might be difficult to read. Other than that, it collects relevant data though :-)
Anyone used the TSS Troubleshooting script from MSFT before? I saw an Escalation Engineer use it, so I thought it could be interesting to others as well. The use-case was troubleshooting LSASS high CPU on a DC... learn.microsoft.com/en-us/troubl...
Has anyone already ditched Twitter for Bluesky? I’m still more active on Twitter, but I’ve noticed some people have moved over to Bluesky.
Eww PowerShell.
New blog post of me analyzing a crash dump with the bugcheck 0x9F. Root cause was a power IRP timeout in RAS SSTP during a device removal. The post walks PnP locks, the stuck IRP, and more, including my thought process. Check it out here: medium.com/@Debugger/po...
Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely known, so I wrote a quick blog post about it. medium.com/@Debugger/tr...
Agreed. I still use Twitter though, but I've reduced my social media time a lot.
Yeah, same here :)
Is there anyone who completely ditched Twitter and now only uses Bluesky? 😅
Always wanted to know how to use Time Travel Debugging (TTD) to record lsass.exe? Well, here you have a chance to go for it. I haven't seen much documentation online where this is discussed. github.com/DebugPrivile...
For those who are doing a lot of log analysis: textanalysistool.github.io is a free open-source tool that I've been using to analyze ESXi, Citrix, MpLogs, Teams support logs, etc. It can be useful when you deal with those raw format logs.
Who uses WinDbg as well in their daily work?
- No more pizza with pineapple
Interesting old blog post from MSRC where they are talking about their in-house tool called "VulnScan" to automate the triage and root cause analysis of memory corruption issues. It's built on top of WinDbg and Time Travel Debugging as well! msrc.microsoft.com/blog/2017/10...
Wishing everyone a Happy and Healthy 2025! 🎉 In case you missed it, I created a GitHub repository in 2024 covering Windows Debugging topics. It includes using tools like WinDbg to analyze memory dumps and more. If you're into Windows, check it out here: github.com/DebugPrivile...