My talks (v2)

• Pwndbg & Escaping the matrix: exploiting custom QEMU cpu bugs from a HXP CTF 2024 task slides writeup
  Intro to Pwndbg + walkthrough of a QEMU escape CTF challenge.

• Hacking kiosk interfaces v1.1 slides

• ⚡Coordination (or shared state) kills performance slides
  False sharing of data in multicore systems.
• Hacking kiosk interfaces v1.0 slides

• PL⚡Trail of Bits: PEP 543 / PEP 748 — A Unified TLS API for Python video
• PL⚡GitHub releases are mutable tags, immutable releases, recent supply-chain attacks (ts-action, trivy, llmlite), dependency cooldowns video
• PL⚡Reforma języka polskiego 2026 video
• PL⚡Python Multiprocessing followup/insights video

• PLDebugowanie niskopoziomowe: strace, GDB, Pwndbg event
  Prezentacja o badaniu działania programów na Linuxie z użyciem strace, GDB i Pwndbg.

• ⚡Trail of Bits spotlight video
  ToB skills for Claude, sandboxing Claude, and the claude-code-devcontainer project.

• Docker DNS wtf slides video
  "Folly" challenge from HXP CTF 2025 + a potential unintended solution. Plus lightning talks on a Time magazine XSS and Claude Code context size.

• Organized "All CTFers and PWNers welcome: Pwndbg meetup" with k4lizen event details

• ⚡Let's talk about cool tools in da web slides video
  Based on the "Stop Putting Your Passwords on Random Websites" article.

• AI Security
  Split into 4 parts: 1) AI & LLM 101, 2) AI hygiene — data privacy & security, 3) security when developing with LLMs / vibe coding, 4) AI products security (prompt injections, model attacks, LLM vuln scanners, guardrails).

• GitHub Actions workflows are cool, so let's hack them slides video pt 1 pt 2

• Pwndbg: walkthrough of features, commands and functions

• PLIT 101 slides
  Talk for KNI Kernel students about IT/CS, how to learn, what you can do.

• ⚡Pwndbg and escaping QEMU cpu bugs slides

Also placed 3rd in HexaCon's "speed hacking challenge".

• Escaping the matrix: exploiting custom QEMU cpu bugs in a HXP CTF 2024 task slides

• Pwndbg: Low level debugging and exploit development with Python slides video

• Escaping the matrix: exploiting custom QEMU cpu bugs from a HXP CTF 2024 task with Pwndbg slides
  QEMU escape challenge from HXP CTF 2024 + Pwndbg tips and tricks.

• PLCiekawe przykłady insecurity z życia i CTF-ów
  Różne przypadki błędów bezpieczeństwa — na przykładach.

• Open source development study: Pwndbg slides video
  Journey of OSS development and maintaining Pwndbg, a free & open-source GDB/LLDB plugin written in Python for security research, low-level debugging, RE and exploit dev.
• ⚡Vermin, GitHub Copilot reviews, MyPy annotations video
  Extension of the main Pwndbg talk above.

• ⚡6–7 lightning talks (EN & PL) slides
  • Hans the clever horse story (non-technical, source)
  • Insomni'hack 2025 talk on hacking "non-touch" buttons
  • Mocking the "Linux Session" conference as "18th Windows Session" (from Pykonik #63)
  • Solution to "UploadServer" Python challenge from Insomni'hack CTF 2025 (5th place as justCatTheFish; writeup)
  • Google Summer of Code & Python Summer of Code 2025
  • Docker Desktop for macOS and --privileged containers — safer than on pure Linux?
  • Teaser about Model Context Protocol (MCP) for LLMs

• Insomni'hack 2025 conference and CTF wrap-up slides
  Takeaways from the conference and a solution to one of the CTF tasks.

• PL⚡vimdiff-ing GitHub roles and CPython 3.14 tail-call interpreter (that it exists) video

• PL⚡Linux kernel 6.14rc — protecting interpreters from executing random code (AT_EXECVE_CHECK for execveat + securebits) video

• PLPython 3.13 JIT experiment: hot or not? slides video
  On the recently added experimental JIT in CPython (disabled by default).
• PL⚡Pdb vs ipdb import time and the peephole optimizer video

• Python specialized bytecode: hacking a Python jail slides

• ⚡justCTF 2024 Finals and NFC Flag Market challenge slides

• Security pitfalls case studies from real-life bugs and CTFs slides
• justCTF 2024 Finals — challenges and finalists announcements slides
  Given with my CTF team on the justCTF 2024 Finals we organized at HackYeah, the biggest hackathon in EU.

• ⚡CTFTime name squatting and "Funny LFR" web challenge (SEKAI CTF 2024) slides
  Showed leaking environment variables in a local-file-inclusion case via a TOCTOU vulnerability.

• Linux privesc via arbitrary x86 MSRs read/write bug — case study from a CTF challenge slides
  Walkthrough of "MSRable" from KalmarCTF 2024 — x86-64 Linux kernel exploitation where unprivileged users can read/write arbitrary MSRs.

• Python specialized bytecode: hacking a Python jail slides video
  Solving a "pycjail returns" challenge from Angstrom CTF 2024 — what specialized bytecode is, where such jails appear in real code, and how to do them better (hint: usually don't).
• ⚡Lightning talks
  • justCTF 2024 Teaser competition
  • Zero-gravity flight
  • Research paper/code developed for the Interstellar movie (paper)

• Linux privesc via arbitrary x86 MSRs read/write bug slides video
  Same MSRable / KalmarCTF 2024 walkthrough as WarCon.

• PL⚡Lightning talks video
  • Django admin used for CTF management
  • Attaching to and debugging already-running Python scripts
  • The xz backdoor case
  • Google Summer of Code 2024 & Python Summer of Code 2024
  • SFI — Studencki Festiwal Informatyczny 2024

• Organized two PWNing meetups (Pwndbg, Pwntools)
  Recap in the Trail of Bits blog post.

• PLInformation Security event slides
  Intro talk about cybersecurity / information security.

• PLAddressSanitizer — detecting memory corruption bugs in native programs event video
  ASan internals, container overflows, Valgrind, sanitizers and fuzzing.

• PLBlockchains 101 event slides
  Entry-level talk: blockchains, consensus, PoW vs PoS, mining, wallets, EVM smart contracts and various security pitfalls.

• PLHakowanie CTFowego hypervisora (x86-64) i przypadkowy 0day slides
  A QEMU emulation 0day related to nested VMs.

• ⚡Taint Tracking in Rust + Serde's serialize_struct quirk slides video

• Hacking a toy hypervisor and finding a QEMU emulation 0day slides
  Live demos too.
• ⚡Hacking kiosks slides
• ⚡GDB & QEMU improvements and set scheduler-locking on slides
• ⚡"Collector" task from PlaidCTF 2023 — Postgres replica "bug" slides

• The curious case of (not) removing files on Linux & others video
  testdisk, weird case of big files on disk, WebAssembly, and a Google CTF Chrome/V8 pwn.

• 4 not-so-lightning talks slides stream
  Optimizing Pwndbg "vis_heap_chunk", LibCST CodeMods, and QRinception.

• PLClose to low level: from CPU and compilers to fast code event slides video
  How CPUs work / why they are fast, then benchmarks from my bachelor thesis to see why certain things were fast or slow.

• 4 not-so-lightning talks slides video
  Defacing a conference website, weird Postgres replica bug, environment variables "hiding", and CPython 3.11 speed improvements.

• ⚡Weird .pyc file that executes unexpected code due to a Python zip importer bug video
  Based on a tweet from David Buchanan; see also this tweet.

• PLVirtualization and security event slides video
  Background on emulation/virtualization, then exploiting a buggy hypervisor in HXP CTF 2022's "Hypersecure" to escalate privileges on Linux.

• PLWhat the CTF? event slides video

• Secure your Python code with fuzz testing slides video

• PLC/C++ vs Security? event slides video

• PLHacking a single-player game on Linux event
  Live demo of applying cheats to games with GDB and Pwndbg.

• Hacking a single-player game on Linux
  Live demo of applying cheats with GDB and Pwndbg.

• CPython bugs slides video
• ⚡Programming is hard pt. 1 slides video

• Extending AddressSanitizer support for C++ collections slides
  Co-presented with Tacet — research project at Trail of Bits. See also this blog post.

• Hacking a single-player game on Linux
  Live demo with GDB and Pwndbg.

• PLHow does Docker work under the hood? event slides video
  Overview of Docker (CLI & daemon) and a deep dive into namespaces, cgroups, capabilities, plus security flags.

• PLLinux & Security part 2 event slides
  Logs (dmesg, rsyslogd, journald), log injection, a logrotate race condition, and safer proc filesystem mount options.

• CPython bugs review slides video
  A few CPython bug cases, some still present and posing security risk for admins or organizations.

• PLLinux & Security event slides
  User vs kernel space isolation, syscalls, what a "user", uid or pid is, PID-reuse attacks, file types, permissions, suid binaries.

• PLHow to learn IT slides
  Non-technical talk on how to learn IT/CS.

• Various interesting (and not) bugs case studies slides video
  "cstrnfinder" research finding bugs in C string ops, an insufficient permission check enabling kASLR bypass in containers, and a small glibc allocator hardening idea.

• ⚡sudo python is a trap, use isolated mode slides video
  Showcase of the "Readline module loading in interactive mode" Python security bug.

• PLAttacking via Linux's procfs, and countermeasures for app developers slides
  procfs internals, arbitrary file reads, directory listings via path traversal, readlink /proc/PID/exe quirks, PID-reuse attacks and pidfd, plus hidepid/gid mount options.

• Semantic safety won't save you slides
  Sample of security traps in Python, Go and C — how "safe" semantics still let you shoot yourself in the foot. Co-developed with @b0bbytabl3s.

• PLBebechy kontenerów Dockerowych oraz Grand Theft Ucieczki z uprzywilejowanych kontenerów slides
  Same as the AlligatorCon presentation. Title ended up too baity though.

• Python internals — how does CPython work? slides
  ~2h deep dive into CPython and its VM: bytecode, .pyc files, disassembling, decompiling, full execution flow.
• Python internals — let's talk about dicts
  Same as Pykonik #43.
• ⚡Regexes WT#? slides
  A DoS in Django, a wrong Signal-Desktop regex, and a reminder about re.VERBOSE.
• ⚡PagedOut! slides
  The PagedOut! free zine + my article on hacking Python's ellipsis.
• ⚡Python security issues slides
  Overview of random existing Python security bugs.
• ⚡PyYAML WT#
  A rant about PyYAML: 4.1 changed safe_load into load (reverted and removed from pypi); 5.1 was supposed to make load safer but still insecure.
• ⚡A story of a 3d nickname slides video
  Origin of the '3d' in my nickname and a bit about IRC communities.

• Fancy "privileged" Docker container escapes slides
  Linux kernel features used by Docker (namespaces, cgroups, capabilities, seccomp, AppArmor) and what "privileged" really means; one escape narrowed down to --cap-add=SYS_ADMIN --security-opt apparmor=unconfined.

• PLHow does CPython work slides
  ~2h talk going deeply into the CPython VM with an emulation example.

• Python internals — let's talk about dicts slides
  ~45 min talk on hashing, the weird case of hashing -1, mutable values, dict updates and more.

• Low level debugging with Pwndbg slides demo
  More robust version of this talk.

• PLLow level debugging with Pwndbg slides

• PLDocker security slides video
  Talk in Polish, slides in English.

• Docker security
  Same as PUT Security Day. Is root in the container the same as on host? Is it safe to add untrusted users to the docker group? How to make your app safer?

• Let's play: Code Review slides

• ⚡Soft and hard links on Linux: symbolic and physical links
  Demo about links and some flaws (long paths, interesting links in /proc, etc.). No slides.

• Insecure Things to Avoid in Python slides
  ThaiPy talk + info on hosting my 'Python-challenges' challenge.
• ⚡Random cool stuff in Python slides
  __dict__, __slots__, exec usages in CPython (namedtuple, Python 3.7 dataclasses).
• ⚡How does CPython work? slides
• ⚡How to be a better developer slides
• ⚡Decrypting Android Ransomware slides
• ⚡"I hate Portals" — ReverseMe challenge slides
  Cool solutions to my 'Python-challenges' challenge.

• Python Reversing Challenge slides

• Some insecure Things to Avoid in Python slides
  pickle, yaml, eval (and its pseudosandbox), safeeval.

• Let's play code review: how to write better Python code first time slides

• Insecure Things to Avoid in Python slides
• ⚡Unix wildcards gone wild
  See PyCon PL 2016 link.

• Python as a hacker's toolbox vol 2 slides

• Python as a hacker's toolbox vol 2 slides
• ⚡A simple step for better security when using Python slides
• ⚡Python AST rewriting: 'how does PyTest do that' slides

• PLCapture The Flag: an interesting way of spending time slides

• ⚡Capture The Flag slides
• ⚡Unix wildcards gone wild slides

• PLUnusual debugging tools slides & examples

• PLSQLi, XSS, CSRF: vulnerabilities from web applications slides
  Demoed common web vulns and exploitation techniques. Co-authored with Magdalena Jaroszyńska.
• PLReverse engineering and exploiting bugs in native x86/x86_64 apps — 1/3 (intro) slides
  Diploma seminar intro: registers, basic x86, call/leave/ret flow and bug sources.
• PLReverse engineering ... — 2/3 (mid-semester) slides
  RE walkthrough of a CTF challenge: disassembly via IDA Pro, dynamic analysis, Z3 for the win condition; ASan, ELF mitigations, exploitation techniques.
• PLReverse engineering ... — 3/3 (summary) slides
  ELF mapping to memory, fuzzing, symbolic execution, an interesting heap-related bug, and more.

• PLCTFs
  Similar to the Code Europe 2016 talk.
• PLShells, buffering and IPython slides
• PLHow to learn IT slides
• PLNot working for me either — debugging tools for Linux and Windows
  GDB, ltrace, strace, Valgrind, Sysinternals, Dependency Walker, debugging via PyCharm/Visual Studio. Co-presented with Alex.
• PLPython from scratch course materials
  With Alex.
• PLCTF workshops (2016, 2017) materials
  Many topics, mainly low-level.