Top secret

I was recently working on a project that contained secrets in source control. The team was aware of this fact but had never been able to allocate time to get rid of them. The circumstances changed and I was tasked with cleansing the repository. I was still unfamiliar with the code-base so I started to look around for config files. I realised quickly this approach would not work out:

  • Some secrets were hard-coded directly in the code
  • Some secrets had previously been committed to source control but had since then been removed

I needed a tool that would not only attempt to identify secrets but would also do so over the complete Git history.

Azure VM pricing

I was recently faced with an interesting problem. A company wanted to cost the migration of thousands of VMs to Azure using a lift and shift approach (also known as rehost). Due to the short deadline, we were not able to get our hands on detailed data. All we were provided with was a machine name, CPU core count, RAM and a description field that was sometimes populated. Utilisation, storage and network usage were notably missing. We knew we couldn’t cost the migration accurately due to these unknowns, but we had enough data to cost the VMs themselves as we had access to CPU core count and RAM. I must also add that the VMs varied greatly in their hardware specifications.

Microsoft offers a pricing calculator but it only supports manual input, which disqualified it for our use case. A few Microsoft employees wrote web applications automating the pricing of VMs by importing Excel spreadsheets or CSV files. The ones I tried only offered USD as a currency and choked on anything bigger than a few hundred VMs. The output file was using an en-us culture so it had to be post-processed before being opened in Excel. I didn’t have the time to review and select a commercial solution (Azure Migrate requires creating a VM on-premises, which was not possible). At the end of the day I came up with a semi-automated process that did the trick, but I felt that not much work would be required to empower teams to price VMs based on a limited data set.

Advanced .NET Debugging #2

I’m continuing to read the excellent Advanced .NET Debugging by Mario Hewardt. Last time I looked at finding the entry point of a native image. This time around I’ll be investigating the launch of a managed image by Windows.

Prerequisites

  • A hex viewer
    • I used the PE CLR Viewer (disclaimer: I created this truly ugly looking website)

WinDbg #2 - The blocked async

Today’s exercise is not an exercise! The investigation I’m about to describe was triggered by a production outage affecting multiple APIs - albeit not at the same time - at a customer. For obvious reasons I’ll not be able to share the code and will have to alter / obfuscate some of the commands’ results. I still think this is a valuable exercise as it is a classic example of an easy-to-make mistake leading to a catastrophic result.

The other interesting point is that I had no idea what the issue was so I’ll not be following a script as I did in the first instalment.
