Large Scale Enterprise Crash Dump Analysis
By Christoph Neumüller
Product Architect @ Dynatrace
Large Scale Enterprise Crash Dump Analysis
• The journey that led to an tool (SuperDump) that fully automates crash dump analysis
• How we reduced the time it takes to analyze a crash dump from to
• How automation transformed our workflow
A story from 2014
• Peter (Customer): "We have a problem with your product. It's crashing."
• Steffi (Support): "Ok, please create a crash-dump and upload it to our support-portal."
• Peter (Customer): "Ok, here you go."
• Steffi (Support): "Development, this customer has [problem X], please have a look at these crash dumps."
• Luke (Development): "Oh, I've never done this before. Sarah, you have experience with this. Can you help?"
• Sarah (Development): "Sure. (Downloads 500MB file). Oh, it's a Windows dump. Can't analyze that on my Linux box. Tom, can you take this?"
• Tom (Development): "Ok. (Downloads 500MB file). Configures symbol server. Uses Visual Studio to see stacktraces. Makes screenshots and attaches them to JIRA."
• Next day: Luke (dev): "Thanks Tom. I've almost got it. Can you find out this [detail X] for me?"
• Tom (dev): "Sigh. Loads dump again, this time in a different tool (WinDbg), as it allows deeper research. Finds [detail X]."
• Luke (dev): Finds and fixes problem.
• ...
• Next week: "Hey Tom, I have 20 new crash dumps, can you analyze them?"
• Tom: "Great Scott. We need to automate this."
Crash dump analysis?
• A crash dump is:
• Windows: „.dmp“ (FullDump, MiniDump)
• Linux: „.core“ (Coredump)
• Crash dump analysis is like going back in time to inspect a certain event
• The goal is usually to find the faulting thread, the faulting stackframe and thus the line of code that caused the fault (e.g. access violation, segfault, ...)
• We're focused on native (C++) and managed (.NET) crash analysis
Common tools for crash dump analysis (C++, .NET)
• Visual Studio
  • Easy. Basic analysis. Windows.
• DebugDiag
  • Easy. Emits HTML report. Windows.
• GDB
  • Intermediate. Advanced analysis. Linux.
• WinDbg
  • Hard. Advanced analysis. Windows.
An example: WinDbg
|. (status about process)
~15s (select thread 15)
k (native stack)
~* k (all native stacks)
lmf (show loaded modules)
.exr -1 (last exception)
.cordll -ve -u -l (get SOS loaded)
!clrstack (managed .NET stack)
~*e !clrstack (show all managed .NET stacks)
x *! (show symbol paths)
• Expert tool: very powerful, but hard to learn
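Added example (not from the slides and not SuperDump's code, which the deck says builds on CLRMD): the commands above batched through cdb.exe with its -z and -c options, and the text output parsed into the faulting thread and stack. The module name `agent`, the sample debugger output and the grouping signature are constructed for illustration.

```python
import hashlib
import json
import re

# Commands from the slide: last exception record, all native stacks, then quit.
CDB_COMMANDS = ".exr -1; ~* k; q"

def cdb_argv(dump_path, cdb="cdb.exe"):
    """argv for a non-interactive run: -z opens a dump file, -c runs the commands."""
    return [cdb, "-z", dump_path, "-c", CDB_COMMANDS]

_EXC_ADDR = re.compile(r"ExceptionAddress:\s+[0-9a-f`]+(?:\s+\((.+)\))?")
_EXC_CODE = re.compile(r"ExceptionCode:\s+([0-9a-f]+)(?:\s+\((.+)\))?")
_THREAD = re.compile(r"^\s*([.#])?\s*(\d+)\s+Id:\s+[0-9a-f]+\.[0-9a-f]+")
_FRAME = re.compile(r"^[0-9a-f]{2,3}\s+[0-9a-f`]+\s+[0-9a-f`]+\s+(\S.*)$")

def _function(call_site):
    """Drop '+0x<offset>' and trailing source info, keeping module!function."""
    return re.sub(r"\+0x[0-9a-f]+.*$", "", call_site.strip())

def parse_cdb_output(text):
    """Turn the text output of CDB_COMMANDS into a small triage report."""
    report = {"exception_code": None, "exception_name": None,
              "faulting_symbol": None, "faulting_thread": None,
              "faulting_stack": [], "signature": None}
    threads = {}     # thread number -> [module!function, ...], top frame first
    marked = None    # thread flagged '.' (current) or '#' (raised the event)
    current = None
    for line in text.splitlines():
        if m := _EXC_ADDR.search(line):
            if m.group(1):
                report["faulting_symbol"] = _function(m.group(1))
        elif m := _EXC_CODE.search(line):
            report["exception_code"], report["exception_name"] = m.group(1), m.group(2)
        elif m := _THREAD.match(line):
            current = int(m.group(2))
            threads[current] = []
            if m.group(1) == "#" or (m.group(1) and marked is None):
                marked = current
        elif (m := _FRAME.match(line)) and current is not None:
            threads[current].append(_function(m.group(1)))

    # The faulting frame is often buried under exception-dispatch frames, so
    # locate it by matching the ExceptionAddress symbol against every stack.
    symbol = report["faulting_symbol"]
    order = ([marked] if marked in threads else []) + [t for t in threads if t != marked]
    for tid in order:
        if symbol in threads[tid]:
            report["faulting_thread"] = tid
            report["faulting_stack"] = threads[tid][threads[tid].index(symbol):]
            break
    else:
        # No exception record or no matching frame: fall back to the flagged thread.
        if marked is not None:
            report["faulting_thread"], report["faulting_stack"] = marked, threads[marked]

    # Illustrative grouping key (an assumption, not SuperDump's similarity
    # detection): exception code plus the top three faulting frames, no offsets.
    if report["exception_code"] and report["faulting_stack"]:
        key = "|".join([report["exception_code"]] + report["faulting_stack"][:3])
        report["signature"] = hashlib.sha256(key.encode()).hexdigest()[:16]
    return report

# Constructed sample of what the debugger prints for the commands above.
SAMPLE = """ExceptionAddress: 00007ff6e1a11234 (agent!Buffer::Append+0x0000000000000024)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000000
Attempt to write to address 0000000000000000

   0  Id: 1a2c.1f40 Suspend: 0 Teb: 000000d4`29f0a000 Unfrozen
 # Child-SP          RetAddr               Call Site
00 000000d4`2a0ff8c8 00007ffb`3c1a1b2e     ntdll!NtWaitForSingleObject+0x14
01 000000d4`2a0ff8d0 00007ff6`e1a12f10     KERNELBASE!WaitForSingleObjectEx+0x8e
02 000000d4`2a0ff970 00000000`00000000     agent!main+0x90

.  15  Id: 1a2c.2b08 Suspend: 0 Teb: 000000d4`29f28000 Unfrozen
 # Child-SP          RetAddr               Call Site
00 000000d4`2a3fe1a8 00007ffb`3eb4c2d0     ntdll!NtWaitForMultipleObjects+0x14
01 000000d4`2a3fe1b0 00007ffb`3eb9d1f5     KERNELBASE!UnhandledExceptionFilter+0x1a0
02 000000d4`2a3fe4a0 00007ff6`e1a11234     ntdll!KiUserExceptionDispatch+0x2e
03 000000d4`2a3ff6b0 00007ff6`e1a11290     agent!Buffer::Append+0x24
04 000000d4`2a3ff6f0 00007ff6`e1a113c4     agent!Session::OnData+0x60
05 000000d4`2a3ff740 00000000`00000000     agent!Worker::Run+0x114
"""

if __name__ == "__main__":
    print(" ".join(cdb_argv("crash.dmp")))
    print(json.dumps(parse_cdb_output(SAMPLE), indent=2))
```

Because offsets are stripped before hashing, two dumps that fault in the same function on the same call path get the same signature even when the builds differ slightly.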
Crash dump analysis is time consuming and sometimes hard
• Simple analysis needs preparation
  • Tools installed
  • Symbol servers properly configured
  • Different tools required for Windows and Linux
• Simple analysis is repetitive
  • Download crash dump
  • Open tool (e.g. WinDbg)
  • Find and list all stacks with exceptions
  • Post results to JIRA
• Deep analysis is considered a „dark magic“ art
  • Nasty crashes are hard to crack (memory corruptions, deadlocks)
What was our problem in our story?
Our problems
• Experts required
  • Multiple devs needed to be involved
  • Although we had a few distinguished experts, not nearly all developers were experienced in crash dump analysis
• Workflow cumbersome
  • Passing around large files (what about data security and retention?)
• Time effort
  • Setup and running analysis is time consuming. Expert time is wasted.
• How can we scale this?
  • We want to become more proactive about bugs & crashes. Automatically capture every crash from Test, Staging, Production (selected) & Support.
Our journey to automation
Step 1: Automate analysis
[Diagram components: SuperDump.Analyzer.exe, CLRMD, Text Output]
That’s cute. But does it help productivity yet?
Step 2: Web Frontend
[Diagram components: .dmp, SuperDump.Service.exe, ASP.NET Core, Hangfire (https://github.com/HangfireIO/Hangfire), SuperDump.Analyzer.exe, CLRMD, result.json, Web-Frontend, Developers]
Step 3: Automate workflow
It also helps non-Windows developers to quick-assess crash-dumps more easily!
Nice! Non-experienced people can analyze dumps without special tools and knowhow.
Crash dumps can be referred to by URL
https://superdump.acme.org/Home/Report?bundleId=zgi5110&dumpId=wkc9242
Step 3: Automate workflow
[Diagram components: .dmp, SuperDump.Service.exe, ASP.NET Core, Hangfire, SuperDump.Analyzer.exe, CLRMD, result.json, Web-Frontend, REST API, JIRA, Support, Tests, Developers]
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' \
  -d '{ "url": "https://dumps.local/mydump.dmp" }' \
  'http://superdump.local/api/Dumps'
Response:
{
"location": "http://superdump.local/Home/BundleCreated?bundleId=czs6140",
"date": "Fri, 05 May 2017 20:13:04 GMT",
}
Awesome. Analysis is already finished by the time a dev gets involved.
But still not enough. What if I want to investigate a very special case? I want all the power of WinDbg. But in the browser...
Step 4: Allow deep analysis
[Diagram components: SuperDump.Service.exe, ASP.NET Core, Hangfire, SuperDump.Analyzer.exe, CLRMD, result.json, Web-Frontend, REST API, cdb.exe (WinDbg), I/O Redirect, Websockets, Browser, jquery.console, JIRA, Support, Tests, Developers]
Wow. Now even deep investigations can be made in the browser. No need for local tools anymore.
This is a game changer for non-Windows developers.
[Diagram components: SuperDump.Service.exe, ASP.NET Core, Hangfire, SuperDump.Analyzer.exe, CLRMD, result.json, Web-Frontend, REST API, cdb.exe (WinDbg), I/O Redirect, Websockets, Browser, jquery.console, Remote Docker, Linux, SuperDump.Analyzer.Linux.dll, libunwind, result.json, JIRA, Support, Tests, Developers]
Neat. No more Linux VMs necessary for Windows developers to debug Linux coredumps.
Linux
Architecture
[Diagram components: SuperDump.Service.exe, ASP.NET Core, Hangfire, SuperDump.Analysis.exe, CLRMD, result.json, Web-Frontend, REST API, cdb.exe (WinDbg), I/O Redirect, Websockets, Browser, jquery.console, Docker for Windows, Linux container, SuperDump.Analyzer.Linux.exe, libunwind, GDB, I/O Redirect, gotty (remote TTY, https://github.com/yudai/gotty), result.json, JIRA, Support, Tests, Developers]
More goodness...
• LDAP Authentication & User Roles
• Audit Logging
• JIRA integration (backlink detection)
• Automatic data retention
• Slack-Notifications
• Similarity detection
• Elasticsearch storage (for indexing and search)
Demo Time
Demo
Automation transformed our workflow!
What changed by automatic crash dump analysis? (1)
• Speed
  • Triaging crash dumps down from to !
• Enabling people
  • Non-experienced people are capable of simple crash analysis
  • No more local tools & setup required (all in the browser)
  • Experts not blocked so much anymore
• Communication
  • Referring to a crash via URL changed a lot. Can be referenced in JIRA, E-Mail, Slack. Better than passing huge files around.
What changed by automatic crash dump analysis? (2)
• Security
  • Files are kept in a secure location. Audit-log for access. Automatic retention.
• Scalability
  • We can now assess every single crash dump from tests, from staging, from production.
  • Can analyze up to 1000+ crash dumps per day.
• Quality improved
  • Since analysis is easier, we are much more pro-active and feed all available sources into SuperDump. It has increased our product quality.
SuperDump and Open Source
• Open-sourced in 2017 with permissive license (MIT):
https://github.com/Dynatrace/superdump
• Maintained and actively used at Dynatrace
• (not as a commercial product)
• Roadmap:
• Generic analyzer framework to enable not only crash-dump analysis but also analysis of logfiles, java hs_err_pid, … (a.k.a. generic “dumps” of data)
• Kubernetize SuperDump (be able to scale analyzers up and down)
• Better clustering and visualization of duplicates
• Contributions and feedback are welcome ☺
Summary
• What is crash-dump analysis and how we did it in 2014
• The journey to automation and how it led to SuperDump
• How automation via SuperDump transformed us
• This led to
• Analysis time down from to !
involved
quality through
Appendix
How to create a crash dump
• Windows Task Manager (manual, be aware of bitness!)
• Process Explorer (SysInternals, manual)
• ProcDump (SysInternals, can dump on crash!)
• Windows Error Reporting (automatic, if enabled)
• DebugDiag (automatic, if enabled)
• dbghelp.dll API (MiniDumpWriteDump, it’s on you!)
• Linux: Adapt “kernel.core_pattern”

Oxy acetylene welding presentation note.
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting  .Churning of Butter, Factors affecting  .
Churning of Butter, Factors affecting .
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 

PAC 2019 virtual Christoph NEUMÜLLER

  • 1. Large Scale Enterprise Crash Dump Analysis By Christoph Neumüller Product Architect @ Dynatrace
  • 2. Large Scale Enterprise Crash Dump Analysis • The journey that led to an tool (SuperDump) that fully automates crash dump analysis • How we reduced the time it takes to analyze a crash dump from to • How automation transformed our workflow
  • 4. A story from 2014
      • Peter (Customer): "We have a problem with your product. It's crashing."
      • Steffi (Support): "Ok, please create a crash-dump and upload it to our support-portal."
      • Peter (Customer): "Ok, here you go."
      • Steffi (Support): "Development, this customer has [problem X], please have a look at these crash dumps."
      • Luke (Development): "Oh, I've never done this before. Sarah, you have experience with this. Can you help?"
      • Sarah (Development): "Sure. (Downloads 500MB file). Oh, it's a Windows dump. Can't analyze that on my Linux box. Tom, can you take this?"
      • Tom (Development): "Ok. (Downloads 500MB file). Configures symbol server. Uses Visual Studio to see stacktraces. Makes screenshots and attaches them to JIRA."
      • Next day: Luke (dev): "Thanks Tom. I've almost got it. Can you find out this [detail X] for me?"
      • Tom (dev): "Sigh. Loads dump again, this time in a different tool (WinDbg), as it allows deeper research. Finds [detail X]."
      • Luke (dev): Finds and fixes problem.
      • ...
      • Next week: "Hey Tom, I have 20 new crash dumps, can you analyze them?"
      • Tom: "Great Scott. We need to automate this."
  • 6. Crash dump analysis
      • A crash dump is:
          • Windows: ".dmp" (FullDump, MiniDump)
          • Linux: ".core" (Coredump)
      • Crash dump analysis is like going back in time to inspect a certain event
      • The goal is usually to find the faulting thread, the faulting stack frame and thus the line of code that caused the fault (e.g. access violation, segfault, ...)
      • We're focused on native (C++) and managed (.NET) crash analysis
  • 7. Common tools for crash dump analysis (C++, .NET)
      • Visual Studio: Easy. Basic analysis. Windows.
      • DebugDiag: Easy. Emits HTML report. Windows.
      • GDB: Intermediate. Advanced analysis. Linux.
      • WinDbg: Hard. Advanced analysis. Windows.
  • 8. An example: WinDbg
      • |. (status about process)
      • ~15s (select thread 15)
      • k (native stack)
      • ~* k (all native stacks)
      • lmf (show loaded modules)
      • .exr -1 (last exception)
      • .cordll -ve -u -l (get SOS loaded)
      • !clrstack (managed .NET stack)
      • ~*e !clrstack (show all managed .NET stacks)
      • x *! (show symbol paths)
      • Expert tool: very powerful, but hard to learn
  • 9. Crash dump analysis is time-consuming and sometimes hard
      • Simple analysis needs preparation
          • Tools installed
          • Symbol servers properly configured
          • Different tools required for Windows and Linux
      • Simple analysis is repetitive
          • Download crash dump
          • Open tool (e.g. WinDbg)
          • Find and list all stacks with exceptions
          • Post results to JIRA
      • Deep analysis is considered a "dark magic" art
          • Nasty crashes are hard to crack (memory corruptions, deadlocks)
  • 10. What was our problem in our story?
  • 11. Our problems
      • Experts required
          • Multiple devs needed to be involved
          • Although we had a few distinguished experts, not nearly all developers were experienced in crash dump analysis
      • Workflow cumbersome
          • Passing around large files (what about data security and retention?)
      • Time effort
          • Setting up and running an analysis is time-consuming. Expert time is wasted.
      • How can we scale this?
          • We want to become more proactive about bugs & crashes. Automatically capture every crash from Test, Staging, Production (selected) & Support.
  • 12. Our journey to automation
  • 15. That’s cute. But does it help productivity yet?
  • 20. Step 3: Automate workflow
      • It also helps non-Windows developers to quick-assess crash-dumps more easily!
      • Nice! Non-experienced people can analyze dumps without special tools and knowhow.
      • Crash dumps can be referred to per URL: https://superdump.acme.org/Home/Report?bundleId=zgi5110&dumpId=wkc9242
  • 21. Step 3: Automate workflow
      • Architecture diagram (labels): SuperDump.Analyzer.exe, SuperDump.Service.exe, CLRMD, ASP.NET Core, result.json, .dmp, Web-Frontend, JIRA, Support, REST API, Developers, Hangfire, Tests
      • Submitting a dump via the REST API:
        curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "url": "https://dumps.local/mydump.dmp" }' 'http://superdump.local/api/Dumps'
      • Response:
        { "location": "http://superdump.local/Home/BundleCreated?bundleId=czs6140", "date": "Fri, 05 May 2017 20:13:04 GMT", }
  • 22. Awesome. Analysis is already finished by the time a dev gets involved. But still not enough. What if I want to investigate a very special case. I want all the power of WinDbg. But in the browser...
  • 23. Step 4: Allow deep analysis
      • Architecture diagram (labels): SuperDump.Analyzer.exe, SuperDump.Service.exe, CLRMD, ASP.NET Core, result.json, Web-Frontend, REST API, cdb.exe (WinDbg), Websockets, I/O Redirect, Browser, jquery.console, Developers, Hangfire, JIRA, Support, Tests
  • 25. Wow. Now even deep investigations can be made in the browser. No need for local tools anymore. This is a game changer for non-Windows developers.
  • 28. Neat. No more Linux VM’s necessary for Windows developers to debug Linux coredumps.
  • 29. Linux Architecture
      • Architecture diagram (labels): SuperDump.Analysis.exe, SuperDump.Service.exe, CLRMD, ASP.NET Core, result.json, Web-Frontend, REST API, cdb.exe (WinDbg), Websockets, I/O Redirect, Browser, jquery.console, Docker for Windows, result.json, Developers, Hangfire, JIRA, Support, Tests, Linux container, gotty (remote TTY, https://github.com/yudai/gotty), GDB, I/O Redirect, SuperDump.Analyzer.Linux.exe, libunwind
  • 31. More goodness...
      • LDAP Authentication & User Roles
      • Audit Logging
      • JIRA integration (backlink detection)
      • Automatic data retention
      • Slack-Notifications
      • Similarity detection
      • Elasticsearch storage (for indexing and search)
  • 34. What changed by automatic crash dump analysis? (1)
      • Speed
          • Triaging crash dumps down from to !
      • Enabling people
          • Non-experienced people are capable of simple crash analysis
          • No more local tools & setup required (all in the browser)
          • Experts not blocked so much anymore
      • Communication
          • Referring to a crash via URL changed a lot. Can be referenced in JIRA, E-Mail, Slack. Better than passing huge files around.
  • 35. What changed by automatic crash dump analysis? (2)
      • Security
          • Files are kept in a secure location. Audit-log for access. Automatic retention.
      • Scalability
          • We can now assess every single crash dump from tests, from staging, from production.
          • Can analyze up to 1000+ crash dumps per day.
      • Quality improved
          • Since analysis is easier, we are much more pro-active and feed all available sources into SuperDump. It has increased our product quality.
  • 37. SuperDump and Open Source
      • Open-sourced in 2017 with permissive license (MIT): https://github.com/Dynatrace/superdump
      • Maintained and actively used at Dynatrace
          • (not as a commercial product)
      • Roadmap:
          • Generic analyzer framework to enable not only crash-dump analysis but also analysis of logfiles, java hs_err_pid, … (a.k.a. generic "dumps" of data)
          • Kubernetize SuperDump (be able to scale analyzers up and down)
          • Better clustering and visualization of duplicates
      • Contributions and feedback are welcome ☺
  • 39. Summary • What is crash-dump analysis and how we did it in 2014 • The journey to automation and how it led to SuperDump • How automation via SuperDump transformed us • This led to • Analysis time down from to ! involved quality through
  • 42. How to create a crash dump
      • Windows Task Manager (manual, be aware of bitness!)
      • Process Explorer (SysInternals, manual)
      • ProcDump (SysInternals, can dump on crash!)
      • Windows Error Reporting (automatic, if enabled)
      • DebugDiag (automatic, if enabled)
      • dbghelp.dll API (MiniDumpWriteDump, it's on you!)
      • Linux: Adapt "kernel.core_pattern"
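
The slides name two dump formats (Windows ".dmp" minidumps and Linux core files) and note that each needs different tools, so an automated intake has to classify every upload before choosing an analyzer. The following is an added example, not SuperDump's own code: it classifies a file by its header instead of its extension, and the `route` backend names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# MINIDUMP_HEADER (Windows): Signature, Version, NumberOfStreams,
# StreamDirectoryRva, CheckSum, TimeDateStamp (6 x u32), Flags (u64) = 32 bytes.
MDMP_HEADER = struct.Struct("<4sIIIIIQ")
MINIDUMP_WITH_FULL_MEMORY = 0x2   # MINIDUMP_TYPE bit: full process memory included
ET_CORE = 4                       # ELF e_type value for core files
ELF_MACHINES = {0x03: "x86", 0x3E: "x64", 0xB7: "arm64"}


def identify_dump(data: bytes) -> dict:
    """Classify the leading bytes of an upload; the file extension is never trusted."""
    if data[:4] == b"MDMP":
        if len(data) < MDMP_HEADER.size:
            raise ValueError("truncated minidump header")
        _, _version, streams, dir_rva, _, timestamp, flags = MDMP_HEADER.unpack_from(data)
        # The stream directory cannot be empty or overlap the header itself.
        if streams == 0 or dir_rva < MDMP_HEADER.size:
            raise ValueError("implausible minidump stream directory")
        kind = "full" if flags & MINIDUMP_WITH_FULL_MEMORY else "mini"
        return {"os": "windows", "kind": kind, "streams": streams, "timestamp": timestamp}
    if data[:4] == b"\x7fELF":
        if len(data) < 20:
            raise ValueError("truncated ELF header")
        ei_class, ei_data = data[4], data[5]          # 1/2 = 32/64-bit, 1/2 = LE/BE
        if ei_class not in (1, 2) or ei_data not in (1, 2):
            raise ValueError("invalid ELF ident")
        endian = "<" if ei_data == 1 else ">"
        e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
        if e_type != ET_CORE:                          # reject executables and libraries
            raise ValueError("ELF file is not a core dump (e_type=%d)" % e_type)
        return {"os": "linux", "kind": "core", "bits": 32 * ei_class,
                "arch": ELF_MACHINES.get(e_machine, hex(e_machine))}
    raise ValueError("not a recognised crash dump")


def route(data: bytes) -> str:
    """Pick an analysis backend for the upload; the backend names are hypothetical."""
    backends = {"windows": "windows-analyzer", "linux": "linux-container"}
    return backends[identify_dump(data)["os"]]


# Constructed sample headers (not taken from real dumps).
SAMPLE_MDMP = MDMP_HEADER.pack(b"MDMP", 0xA793, 12, 32, 0, 1493986384, 0x2)
SAMPLE_CORE = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<HH", ET_CORE, 0x3E)
SAMPLE_EXE = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<HH", 2, 0x3E)
```

Rejecting anything that is not a minidump or an ELF core at intake keeps arbitrary uploads away from the debugger backends.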