Posts
-
Jun 20, 2024
Python specialized bytecode and pycjail returns challenge solution
I gave a talk on “Python specialized bytecode” at Pykonik #70, where I also did a walkthrough of the “pycjail returns” challenge from ångstrom CTF 2024. The video can be found here and its slides here.
-
May 16, 2024
Understanding AddressSanitizer blog post
Some time ago during an audit I found an out-of-bounds bug that was not detected by AddressSanitizer.
-
Aug 21, 2022
Pwndbg coding sprints report
This blog post is a report of the two coding sprints for the Pwndbg project that I organized, first at the EuroPython 2022 conference and then, taking inspiration from the previous one, at the Hackerspace Kraków, located in Cracow, Poland.
-
Feb 16, 2021
Terrible inet_aton in glibc
TLDR: man inet_aton states: inet_aton() returns nonzero if the address is valid, zero if not
-
Jun 9, 2020
Checking if a mutex is locked in Go
I have written a blog post about checking if a mutex is locked in Go. It can be found at https://blog.trailofbits.com/2020/06/09/how-to-check-if-a-mutex-is-locked-in-go/.
-
Apr 9, 2020
Back to the blog
I haven’t written any posts here for some time and I want to fix that. For now, it is probably worth mentioning that in the meantime I gave many talks, reviewed some articles in Paged Out! and wrote two articles:
- A blog post on Trail of Bits blog: “Understanding Docker container escapes”
- An article “from cpython_exploit_ellipsis import *” to Paged Out! #01
-
Nov 12, 2018
Reboot your pc from a docker container
I came back from a PUT Security Day where I gave a talk about Docker security. One of the questions I asked myself when preparing the talk is whether one can reboot their PC (aka host machine) from a docker container.
-
Feb 24, 2018
Logs injection or why is logs tailing unsafe
I have recently been playing with one of the Android apps that pushes some messages to logs based on user input, and I have noticed that adb logcat is as bad as tail -f when it comes to following logs.
-
Oct 21, 2017
JHtC4BSK translatespeak [web] writeup
This is a writeup of translatespeak{1,2,3} web security related tasks I have prepared for JHtC4BSK CTF that was held mainly for MIMUW students by JHtC.
-
Jun 29, 2017
Gynvael's PL stream 006 mission solution
This is a writeup of a small stegano task from Gynvael Coldwind’s Polish stream 6th mission (there are small tasks at the end of his livestreams).
-
Jun 25, 2017
Google CTF 2017 - Inst Prof [pwn]
This post is a full writeup and walkthrough of the ‘Inst Prof’ binary exploitation challenge from Google Quals CTF 2017. I have used a return-oriented programming exploitation technique to solve it.
-
May 29, 2017
Gynvael's PL stream 004 mission solved with angr
This is an angr writeup of a “spaghetti code” task from Gynvael Coldwind’s Polish stream 4th mission (there are small tasks at the end of his livestreams).
-
Nov 9, 2016
Security PWNing Conference 2016 and the CTF by P4
I recently came back from Security PWNing Conference 2016, organized by the PWN publishing house and Gynvael Coldwind. It can certainly be said that it is one of the better conferences devoted to IT security in Poland.
-
Jun 1, 2016
Confidence CTF Teaser 2016 - GoBox and GoBox2 [pwn]
This is a writeup from Confidence CTF Teaser 2016 - GoBox and GoBox2 tasks from pwn category.
The program was a Go lang sandbox that asked for input - a valid Go program. Then it compiled and executed it. The binary was running on a server and the goal was to launch an external program on it.
-
May 2, 2016
Google CTF 2016 - For2 [Forensics]
This is a writeup from Google CTF 2016 - For2 task from forensics category.
We have got a capture.pcapng file, which is sniffed USB traffic from a USB mouse (yeah, you can capture it e.g. with Wireshark).
-
Apr 1, 2016
C++ Boost.Preprocessor and template loops
Today I will write a story about how I saved myself a lot of writing with just a few lines of code (that doesn’t mean it took little time :P).
-
Oct 10, 2015
One extract to rule them all
From time to time everyone has to extract an archive. When living in a command line, the problem with such a task is remembering all of the arguments to each of the tools/programs that let you extract different types of archives.