17 things I've learned in my first month as a security engineer

Remember how I write a blog about drivers and Windows and stuff? SURPRISE! Your drivers girl is now a security engineer. As a kid, I actually went through a phase where I wanted to be a hacker when I grew up - guess I’m livin’ the dream now. A lot of people are curious about what it’s like to be a penetration tester (which is a person who is paid by the good guys to hack into things before the bad guys can. That way, the good guys can fix it).

Read More

SetThreadpoolTimer, or "Why is time so hard in Windows"

If you’ve ever written code to fire a timer in x seconds from now, it’s generally pretty straightforward. Usually you just call some function and tell it “I want you to fire in 5 seconds” and “here’s what method to call once the timer goes off!”.

Read More

Developer To CTO Newsletter feature

The folks behind the awesome Developer to CTO newsletter deigned me worthy of an interview. In their own words, “Developer to CTO is a weekly newsletter that provides career advice to software developers. We conduct interviews with senior technical leaders for our readers to gain insight into their career paths.”

Read More

How to debug Windows bugcheck 0x9F, parameter 3

This post is for driver or kernel developers/enthusiasts who have encountered a Blue Screen of Death on Windows where the bugcheck code is 0x9F, DRIVER_POWER_STATE_FAILURE, and parameter 1 is 0x3. There are a few variants on DRIVER_POWER_STATE_FAILURE, but this one is when a device object has been blocking an IRP for too long a time.

Read More

Priority Inversions on Mars - Inspired by The Martian

I recently read and extremely enjoyed The Martian by Andy Weir, so I thought a little The Martian themed post is in order. Don’t worry if you haven’t read the book (or seen the movie) – this post doesn’t require any knowledge of the book (you should still read it, though. It’s that good.) or even of priority inversions. There are also no spoilers about The Martian beyond what you could get from reading the back cover, so read on.

Read More

...But can we do better? Code Optimization - Why You Should Do It and How To Start

When I first learned to program in high school and college, the emphasis was on correctness and not on performance. When I taught students programming in college as a teaching assistant, I would often point out a suboptimal code path to the student. I can’t tell you how many times I heard the following phrase: “Well, processors are fast enough these days that it doesn’t really matter. Even still, the compiler will optimize it away”.

Read More