• 2025-03-16 Hijacking a Python upload server: writeup from Insomni'hack CTF 2025

  This blog post is a write up of an “Upload Server” challenge where we had to hack a simple server written in Python and steal a secret file (flag) from it. The task is from the Insomni’hack CTF 2025 competition that I played with my team, justCatTheFish in Lausanne, Switzerland. We scored 4th place (or 5th overall, though academic teams had separate ranking). Below you can see how it looked like :).

  Read more
• 2025-03-03 When NULL isn't null: mapping memory at 0x0 on Linux

  When we think of a null pointer, NULL in C or nullptr in C++, we typically assume it is “invalid” or “not pointing to a valid memory location”. But what if I tell you that a null pointer can actually point to valid memory under certain conditions? In this post, we will see this on Linux.

  Read more
• 2024-08-04 Debugging running Python scripts with PDB via GDB

  A friend of mine had an interesting case recently where they wanted to debug an already running Python script on Linux and after some testing it turned out this is possible, so let’s see how it can be done in CPython :).

  Read more
• 2024-06-20 Python specialized bytecode and pycjail returns challenge solution

  I gave a talk on “Python specialized bytecode” on Pykonik #70 where I also made a walkthrough over the “pycjail returns” challenge from ångstrom CTF 2024. The video can be found here and its slides here.

  Read more
• 2024-05-16 Understanding AddressSanitizer blog post

  Some time ago during an audit I found an out-of-bounds bug that was not detected by AddressSanitizer. This spawned a whole research at Trail of Bits which I talked and wrote about in details!

  Read more
• 2022-08-21 Pwndbg coding sprints report

  This blog post is a report of the two coding sprints for the Pwndbg project that I organized first on the EuroPython 2022 conference and then, taking inspiration from the previous one, in the Hackerspace Kraków, located in Cracow, Poland.

  Read more
• 2021-02-16 Terrible inet_aton in glibc

  TLDR: The man inet_aton states that “inet_aton() returns nonzero if the address is valid, zero if not” …and so it is sometimes used to check if a string is a valid IP address. Which should be fine, but isn’t, because some implementations are weird.

  Read more
• 2020-06-09 Checking if a mutex is locked in Go

  I have written a blog post about checking if a mutex is locked in Go. It can be found at https://blog.trailofbits.com/2020/06/09/how-to-check-if-a-mutex-is-locked-in-go/.

  Read more
• 2020-04-09 Back to the blog

  I haven’t written any post in here for some time and I want to fix that. For now, it is probably worth mentioning that in the meantime I gave many talks, reviewed some articles in Paged Out! and wrote two articles:

  • A blog post on Trail of Bits blog: “Understanding Docker container escapes”
  • An article “from cpython_exploit_ellipsis import *” to Paged Out! #01

  Read more
• 2018-11-12 Reboot your pc from a docker container

  I came back from a PUT Security Day where I gave a talk about Docker security. One of the questions I asked myself when preparing the talk is whether one can reboot their PC (aka host machine) from a docker container.

  Read more
• 2018-02-24 Logs injection or why is logs tailing unsafe

  I have been playing with one of Android apps that pushes some messages to logs based on user input recently and I have noticed that adb logcat is as bad as tail -f when it comes to following logs.

  Read more
• 2017-10-21 JHtC4BSK translatespeak [web] writeup

  This is a writeup of translatespeak{1,2,3} web security related tasks I have prepared for JHtC4BSK CTF that was held mainly for MIMUW students by JHtC.

  Read more
• 2017-06-29 Gynvael's PL stream 006 mission solution

  This is a writeup to small stegano task from Gynvael Coldwind’s polish stream 6th mission (there are small tasks at the end of his livestreams).

  Read more
• 2017-06-25 Google CTF 2017 - Inst Prof [pwn]

  This post is a full writeup and walkthrough of a ‘Inst Prof’ binary exploitation challenge from Google Quals CTF 2017. I have used a return-oriented programming exploitation technique to solve it.

  Read more
• 2017-05-29 Gynvael's PL stream 004 mission solved with angr

  This is an angr writeup to a “spaghetti code” task from Gynvael Coldwind’s polish stream 4th mission (there are small tasks at the end of his livestreams).

  Read more
• 2016-11-09 Security PWNing Conference 2016 oraz CTF od P4

  Niedawno wróciłem z Security PWNing Conference 2016 organizowanej przez wydawnictwo PWN oraz Gynvaela Coldwinda. Z całą pewnością można powiedzieć, że to jedna z lepszych konferencji poświęconych tematyce bezpieczeństwa IT w Polsce.

  Read more
• 2016-06-01 Confidence CTF Teaser 2016 - GoBox and GoBox2 [pwn]

  This is a writeup from Confidence CTF Teaser 2016 - GoBox and GoBox2 tasks from pwn category.

  The program was a Go lang sandbox that asked for input - a valid Go program. Then it compiled and executed it. The binary was running on a server and the goal was to launch external program on it.

  Read more
• 2016-05-02 Google CTF 2016 - For2 [Forensics]

  This is a writeup from Google CTF 2016 - For2 task from forensics category.

  We have got a capture.pcapng file, which is a sniffed USB traffic from an usb mouse (yeah, you can capture it e.g. with Wireshark).

  Read more
• 2016-04-01 C++ Boost.Preprocessor and template loops

  Today I will write a story about how I saved myself a lot of writing with just a few lines of code (that doesn’t mean it took little time :P).

  Read more
• 2015-10-10 One extract to rule them all

  From time to time everyone has to extract an archive. When living in a command line the problem of such task is to remember all of the arguments to every of the tools/programs that let you extract different types of archives.

  Read more

subscribe via RSS