About me

This blog contains my private/personal notes on random topics I found worth to write about.

Here is also a bunch of info on me ;).

• Name: Dominik ‘disconnect3d’ Czarnota

• E-mail: dominik.b.czarnota+dc@gmail.com

• GitHub: disconnect3d

• Twitter/X: @disconnect3d_pl (prefer e-mail)

• Infosec.exchange: @disconnect3d

• LinkedIn: Dominik Czarnota

• Staff Security Engineer @ Trail of Bits

• Captain of justCatTheFish CTF team (previously captain of Just Hit the Core)

• Maintainer of Pwndbg – a plugin for GDB for reverse engineering and exploit development

• I am a reviewer of Paged Out! free magazine about programming, security, hacking, computers, electronics, demoscene and other similar topics.

• Education: Applied Computer Science at AGH University of Science and Technology in Cracow, Poland

  • Master thesis (in Polish): Reverse engineering, finding and exploiting bugs in native apps on x86 and x86-64. The reviews are inside.

  • Bachelor thesis (in Polish): Impact of memory layout organization of complicated data structures on binary code efficiency. Reviews: supervisor’s, reviewer’s.

  • (Past) Member and a president (for 2 years) of KNI Kernel

Some publications

Blog posts written for Trail of Bits blog:

• [2024.09.10] Sanitize your C++ containers: ASan annotations step-by-step
• [2024.05.16] Understanding AddressSanitizer: Better memory safety for your code - written with Dominik Klemba
• [2024.03.08] KASLR bypass in privilege-less containers - detailing a Linux vulnerability which allowed for leaking kernel modules addresses and bypassing the kernel address space layout randomization (KASLR) mitigation
• [2023.04.20] Typos that omit security features and how to test for them - about some _FORTIFY_SOURCE compiler mitigations typos
• [2020.06.09] How to check if a mutex is locked in Go
• [2020] Cstrnfinder research - a research about finding stupid string related bugs in C/C++ codebases
• [2019.07.19] Understanding Docker container escapes - a post where I broke down a privileged Docker escape technique published by Felix Wilhelm (@_fel1x) on Twitter/X

Articles for “Programista” polish programming magazine:

• [2023] Debugowanie niskopoziomowe z Pwndbg - An article about Pwndbg, a plugin for GDB for security research, reverse engineering and exploit development.
• [2021] Pułapki w języku Go - Go programming language traps that may lead to security vulnerabilities.
• [2021] Przegląd błędów w CPythonie - A review of known CPython bugs that were reported before in the official Python bugtracker - bugs.python.org.
• [2021] Pwn2Win CTF 2021 - atak Spectre - write-up of a CTF challenge where we had to exploit Spectre vulnerability. Written with Arusekk.
• [2018] Teaser Dragon CTF 2018 - zadania production oraz cryptovm - write-ups of production and cryptovm challenges from Teaser Dragon CTF 2018, written with my CTF teammates: Gros and Tacet. I was responsible for the production challenge where you had to make open syscall fail by exceeding the maximum number of opened file descriptors, which were limited by rlimit beforehand.
• [2018] Never ever to be fooled to pay ransomware! – CTFZone 2018 Quals - a write-up of a reverse-engineering CTF challenge where we had to decrypt an Android ransomware. Solved and written together with Paweł Łukasik, who also wrote a write-up on his blog.
• [2016] “IPython – wygodna interaktywna powłoka Pythona” (IPython – Python enhanced interactive shell) – describes IPython interactive shell and its features (history, magic commands, configuration, extensions, notebook/Jupyter) – article pdf;

Work

Looking for a presentation, training, workshop, or just having an interesting project I may be interested in? Contact me or Trail of Bits.

Hobbies

Programming, reverse engineering (or rather looking under the hood to understand how things work), computer security, teaching others, climbing (bouldering) and ice skating.