
DebugPrivilege

@debugger.bsky.social

System Administrator | Ex-MSFT | Microsoft MVP in Windows and Devices | Interested in Security, Debugging, and Windows Internals. Tweets are my own.

215 Followers  |  32 Following  |  20 Posts  |  Joined: 30.12.2024  |  1.8998

Latest posts by debugger.bsky.social on Bluesky

Recon 2025 - The Finer Details of LSA Credential Recovery
YouTube video by Recon Conference

@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.

Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...

16.10.2025 15:34 - 👍 9    🔁 5    💬 0    📌 0

Server hang explained: LSASS deadlock between mswsock and LoaderLock
TLDR: For weeks a customer saw random domain controllers freeze with no clear errors in Event Viewer. It looked like network timeouts and…

Just posted a write-up on a DC hang traced to a deadlock inside LSASS. I break down call stacks, the blocked threads, and how doing LDAP work in DllMain triggered the issue. medium.com/@Debugger/se...

16.10.2025 10:19 - 👍 0    🔁 0    💬 0    📌 0

Interesting memory dump analysis in WinDbg. I think it's very useful not to show only the "golden path" to the solution!

10.10.2025 14:24 - 👍 0    🔁 1    💬 0    📌 0

UNEXPECTED_STORE_EXCEPTION (0x154) - Root Cause: Storage I/O Failure in iaStorAC.sys
TLDR: I initially thought the crash occurred during hibernation because the Intel graphics driver failed to power down the GPU. This…

New blog post: Bugcheck 0x154 that was related to Intel RST driver causing storage I/O failures. I walk through different debugging techniques I used to prove it, from following IRPs and MiWaitForInPageComplete to more shenanigans. medium.com/@Debugger/un...

08.10.2025 06:47 - 👍 2    🔁 0    💬 0    📌 0

To be honest, I can't believe I missed this. The !analyze -v command was already pointing to the driver as the cause, but I ignored it. I guess I'll have to double-check more carefully next time, but I'm satisfied with the analysis I've done. 😅

08.10.2025 01:29 - 👍 0    🔁 0    💬 0    📌 0

It turns out this analysis was incorrect, and someone pointed it out to me. I've redone the analysis, and it's now much improved. For Part 2, where I cover the true cause of the crash, please take a look here: medium.com/@Debugger/un...

08.10.2025 01:27 - 👍 2    🔁 1    💬 1    📌 1

Hibernation crash traced to Intel GPU driver (igdkmdn64) during power transition
Today I’m digging into a crash dump that I can’t reproduce the issue unfortunately. Nothing obvious showed up in !analyze -v, but further…

New blog post: Laptop froze on hibernate, because an Intel driver bailed during power transition and left a power IRP hanging. This can be an interesting one for those that are interested in how I maneuver through a crash dump and how I think, etc. medium.com/@Debugger/hi...

24.09.2025 05:21 - 👍 3    🔁 0    💬 0    📌 1

Of course the private symbols are not available, so the ETW traces might be difficult to read. Other than that, it collects relevant data though :-)

21.09.2025 10:01 - 👍 0    🔁 0    💬 0    📌 0

Anyone used the TSS Troubleshooting script from MSFT before? I saw an Escalation Engineer use it, so I thought it could be interesting to others as well. The use case was troubleshooting LSASS high CPU on a DC... learn.microsoft.com/en-us/troubl...

21.09.2025 09:42 - 👍 1    🔁 0    💬 2    📌 0

Has anyone already ditched Twitter for Bluesky? I’m still more active on Twitter, but I’ve noticed some people have moved over to Bluesky.

13.09.2025 14:14 - 👍 4    🔁 0    💬 4    📌 1

Eww PowerShell.

12.09.2025 17:49 - 👍 0    🔁 0    💬 0    📌 0

Power IRP timeout in RAS SSTP causes Blue Screen 0x9F during sleep
We’ll first start with the !winde.info command, which tells us that this system is a Windows 10 version 19041 on an 8 core Intel machine…

New blog post of me analyzing a crash dump with the bugcheck 0x9F. Root cause was a power IRP timeout in RAS SSTP during a device removal. The post walks PnP locks, the stuck IRP, and more, including my thought process. Check it out here: medium.com/@Debugger/po...

12.09.2025 17:46 - 👍 3    🔁 1    💬 0    📌 1

Troubleshooting Windows Volume Shadow Copy Service
When troubleshooting problems with Volume Shadow Copy Service (VSS) on Windows, event logs and error codes don’t always tell the full…

Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely known, so I wrote a quick blog post about it. medium.com/@Debugger/tr...

11.05.2025 08:24 - 👍 0    🔁 0    💬 0    📌 0

Agreed. I still use Twitter though, but I've reduced my social media time a lot.

07.04.2025 09:04 - 👍 2    🔁 0    💬 0    📌 0

Yeah, same here :)

07.04.2025 08:16 - 👍 0    🔁 0    💬 0    📌 0

Is there anyone who completely ditched Twitter and now only uses Bluesky? 😅

07.04.2025 08:10 - 👍 1    🔁 0    💬 3    📌 0

InsightEngineering/Time Travel Debugging (TTD)/2. TTD FAQ and Troubleshooting at main · DebugPrivilege/InsightEngineering
Hardcore Debugging. Contribute to DebugPrivilege/InsightEngineering development by creating an account on GitHub.

Always wanted to know how to use Time Travel Debugging (TTD) to record lsass.exe? Well, here you have a chance to go for it. I haven't seen much documentation online where this is discussed. github.com/DebugPrivile...

05.02.2025 18:30 - 👍 1    🔁 0    💬 0    📌 0

TextAnalysisTool.NET
TextAnalysisTool.NET: A program designed to excel at viewing, searching, and navigating large files quickly and efficiently.

For those that are doing a lot of log analysis: textanalysistool.github.io is a free open-source tool that I've been using to analyze ESXi, Citrix, MpLogs, Teams support logs, etc. It can be useful when you deal with those raw format logs.

15.01.2025 11:03 - 👍 0    🔁 0    💬 0    📌 0

Who uses WinDbg as well in their daily work?

09.01.2025 13:35 - 👍 0    🔁 0    💬 0    📌 0

- No more pizza with pineapple

07.01.2025 17:14 - 👍 1    🔁 0    💬 0    📌 0

VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues | MSRC Blog | Microsoft Security Response Center
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause o...

Interesting old blog post from MSRC where they are talking about their in-house tool called "VulnScan" to automate the triage and root cause analysis of memory corruption issues. It's built on top of WinDbg and Time Travel Debugging as well! msrc.microsoft.com/blog/2017/10...

03.01.2025 08:55 - 👍 2    🔁 0    💬 0    📌 0

GitHub - DebugPrivilege/InsightEngineering: Hardcore Debugging
Hardcore Debugging. Contribute to DebugPrivilege/InsightEngineering development by creating an account on GitHub.

Wishing everyone a Happy and Healthy 2025! 🎉 - In case you missed it, I created a GitHub repository in 2024 covering Windows Debugging topics. It includes using tools like WinDbg to analyze memory dumps and more. If you're into Windows, check it out here: github.com/DebugPrivile...

31.12.2024 10:11 - 👍 7    🔁 1    💬 0    📌 0
