DebugPrivilege
@debugger.bsky.social
System Administrator | Ex-MSFT | Microsoft MVP in Windows and Devices | Interested in Security, Debugging, and Windows Internals. Tweets are my own.
Reposted by DebugPrivilege
@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.

Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Recon 2025 - The Finer Details of LSA Credential Recovery
YouTube video by Recon Conference
October 16, 2025 at 3:34 PM
Just posted a write-up on a DC hang traced to a deadlock inside LSASS. I break down call stacks, the blocked threads, and how doing LDAP work in DllMain triggered the issue. medium.com/@Debugger/se...
Server hang explained: LSASS deadlock between mswsock and LoaderLock
TLDR: For weeks a customer saw random domain controllers freeze with no clear errors in Event Viewer. It looked like network timeouts and…
October 16, 2025 at 10:19 AM
Reposted by DebugPrivilege
Interesting memory dump analysis in WinDbg. I think it's very useful not to show only the "golden path" to the solution!
It turns out this analysis was incorrect, and someone pointed it out to me. I've redone the analysis, and it's now much improved. For Part 2, where I cover the true cause of the crash, please take a look here: medium.com/@Debugger/un...
October 10, 2025 at 2:24 PM
New blog post: Bugcheck 0x154 that was related to Intel RST driver causing storage I/O failures. I walk through different debugging techniques I used to prove it, from following IRPs and MiWaitForInPageComplete to more shenanigans. medium.com/@Debugger/un...
UNEXPECTED_STORE_EXCEPTION (0x154) — Root Cause: Storage I/O Failure in iaStorAC.sys
TLDR: I initially thought the crash occurred during hibernation because the Intel graphics driver failed to power down the GPU. This…
October 8, 2025 at 6:47 AM
It turns out this analysis was incorrect, and someone pointed it out to me. I've redone the analysis, and it's now much improved. For Part 2, where I cover the true cause of the crash, please take a look here: medium.com/@Debugger/un...
October 8, 2025 at 1:27 AM
New blog post: Laptop froze on hibernate, because an Intel driver bailed during power transition and left a power IRP hanging. This can be an interesting one for those that are interested in how I maneuver through a crash dump and how I think, etc. medium.com/@Debugger/hi...
Hibernation crash traced to Intel GPU driver (igdkmdn64) during power transition
Today I’m digging into a crash dump from an issue that I unfortunately can’t reproduce. Nothing obvious showed up in !analyze -v, but further…
September 24, 2025 at 5:21 AM
Anyone used the TSS Troubleshooting script from MSFT before? I saw an Escalation Engineer use it, so I thought it could be interesting to others as well. The use-case was troubleshooting LSASS high CPU on a DC... learn.microsoft.com/en-us/troubl...
September 21, 2025 at 9:42 AM
Has anyone already ditched Twitter for Bluesky? I’m still more active on Twitter, but I’ve noticed some people have moved over to Bluesky.
September 13, 2025 at 2:14 PM
New blog post of me analyzing a crash dump with the bugcheck 0x9F. Root cause was a power IRP timeout in RAS SSTP during a device removal. The post walks PnP locks, the stuck IRP, and more, including my thought process. Check it out here: medium.com/@Debugger/po...
Power IRP timeout in RAS SSTP causes Blue Screen 0x9F during sleep
We’ll first start with the !winde.info command, which tells us that this system is a Windows 10 version 19041 on an 8 core Intel machine…
September 12, 2025 at 5:46 PM
Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely known, so I wrote a quick blog post about it. medium.com/@Debugger/tr...
Troubleshooting Windows Volume Shadow Copy Service
When troubleshooting problems with Volume Shadow Copy Service (VSS) on Windows, event logs and error codes don’t always tell the full…
May 11, 2025 at 8:24 AM
Is there anyone who completely ditched Twitter and now only uses Bluesky? 😅
April 7, 2025 at 8:10 AM
Always wanted to know how to use Time Travel Debugging (TTD) to record lsass.exe? Well, here you have a chance to go for it. I haven't seen much documentation online where this is discussed. github.com/DebugPrivile...
InsightEngineering/Time Travel Debugging (TTD)/2. TTD FAQ and Troubleshooting at main · DebugPrivilege/InsightEngineering
Hardcore Debugging. Contribute to DebugPrivilege/InsightEngineering development by creating an account on GitHub.
February 5, 2025 at 6:30 PM
For those that are doing a lot of log analysis: textanalysistool.github.io is a free open-source tool that I've been using to analyze ESXi, Citrix, MpLogs, Teams support logs, etc. It can be useful when you deal with those raw format logs.
TextAnalysisTool.NET
TextAnalysisTool.NET: A program designed to excel at viewing, searching, and navigating large files quickly and efficiently.
January 15, 2025 at 11:03 AM
Who uses WinDbg as well in their daily work?
January 9, 2025 at 1:35 PM
Interesting old blog post from MSRC where they are talking about their in-house tool called "VulnScan" to automate the triage and root cause analysis of memory corruption issues. It's built on top of WinDbg and Time Travel Debugging as well! msrc.microsoft.com/blog/2017/10...
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues | MSRC Blog | Microsoft Security Response Center
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause o...
January 3, 2025 at 8:55 AM
Wishing everyone a Happy and Healthy 2025! 🎉- In case you missed it, I created a GitHub repository in 2024 covering Windows Debugging topics. It includes using tools like WinDbg to analyze memory dumps and more. If you're into Windows, check it out here: github.com/DebugPrivile...
GitHub - DebugPrivilege/InsightEngineering: Hardcore Debugging
Hardcore Debugging. Contribute to DebugPrivilege/InsightEngineering development by creating an account on GitHub.
December 31, 2024 at 10:11 AM