My talks
Below you can see a list of talks or workshops I have given for various events along with slides/videos/materials links. If a particular record has a [PL] before it, it means it was made in Polish.
The convention for a given event is date - name, location. The [lightning talk] tag means the talk took ~5 minutes and was probably prepared just before presenting it or during the event, as an idea to contribute some more ;).
2024.10.03 Meet.js meetup, Cracow, Poland
- [lightning talk] justCTF 2024 Finals and NFC Flag Market challenge (slides)
2024.09.28 HackYeah, Tauron Arena, Cracow, Poland
- Challenges and finalists announcements from justCTF 2024 Finals capture the flag cybersecurity competition - slides - a talk made by me and my CTF team about the justCTF 2024 Finals that took place at HackYeah, the biggest hackathon in the EU, at Tauron Arena in Cracow, Poland
- Security pitfalls case studies from real life bugs and CTFs (slides) - a talk on HackYeah about some cool case studies from infosec/CTFs/real life :)
2024.09.14 PraSec 10
- [lightning talk] CTFTime name squatting and “Funny LFR” web challenge (SEKAI CTF 2024) walkthrough (slides) - in the latter, I showed a bit on leaking environment variables in local-file-inclusion case by exploiting a TOCTOU vulnerability
2024.06.14 WarCon 2024
- Linux privesc via arbitrary x86 MSRs read/write bug: case study from a CTF challenge (slides) - a walkthrough of the “MSRable” challenge from KalmarCTF 2024. It is an x86-64 Linux kernel exploitation challenge where unprivileged users were allowed to read and write arbitrary MSR registers.
2024.06.13 Pykonik Tech Talks #70
- Python specialized bytecode: hacking a Python jail (slides, video) - In this talk we learn what Python’s specialized bytecode is and solve a challenge from Angstrom CTF 2024, a capture the flag cybersecurity competition, where we had to hack a so-called “pycjail returns”, which was an attempt to isolate or limit arbitrary Python code execution. We also learn where such jails can be found in real-life code and how to do them better (hint: usually, don’t do them at all, but if you must…).
- Including lightning talks about:
  - justCTF 2024 Teaser competition
  - Zero gravity flight
  - Research paper/code developed for the Interstellar movie (paper)
2024.05.28 Confidence Conference 2024, Cracow, Poland
- Linux privesc via arbitrary x86 MSRs read/write bug: case study from a CTF challenge (slides, video soon) - a walkthrough of the “MSRable” challenge from KalmarCTF 2024. It is an x86-64 Linux kernel exploitation challenge where unprivileged users were allowed to read and write arbitrary MSR registers.
2024.04.04 Pykonik Tech Talks #69
- [PL] Lightning talks (video) about:
  - Django admin used for CTF management
  - Attaching into and debugging already running Python scripts
  - xz backdoor case
  - Google Summer of Code 2024 and Python Summer of Code 2024
  - SFI - Studencki Festiwal Informatyczny 2024
2023.10.20 The H@ck Summit, Warsaw, Poland
- [PL] Hakowanie CTFowego hypervisora (x86-64) i przypadkowy 0day - a talk about a QEMU emulation 0day related to nested VMs (slides)
2023.09.20 Rust Cracow #1 meetup, Kraków, Poland
- 2 Lightning talks about: Taint Tracking in Rust and about Serde’s serialize_struct quirk (slides)
2023.08.23-25 AlligatorCon Europe 2023, Budapest, Hungary
- Hacking a toy hypervisor and finding a QEMU emulation 0day (slides, though there were live demos too)
- 3 Lightning talks:
  - Hacking kiosks (slides)
  - GDB & QEMU improvements and set scheduler-locking on feature (slides)
  - “Collector” task from PlaidCTF 2023 aka Postgres replica “bug” (slides from here)
2023.06.28 Pykonik Tech Talks #65
- The curious case of (not) removing files on Linux & others – a talk on testdisk, a weird case of big files on disk, WebAssembly and a Google CTF challenge Chrome/V8 pwn exploitation (video)
2023.05.25 Pykonik Tech Talks #64
- 4 not so lightning talks (slides, stream) - a case of optimizing Pwndbg “vis_heap_chunk” command, LibCST: CodeMods and QRinception
2023 - AGH University of Science and Technology, talks for KNI Kernel students club
- [PL][2023.12.07] Information Security - (event, slides) - an intro talk about cybersecurity/information security
- [PL][2023.11.27] AddressSanitizer - tool to detect memory corruption bugs in native programs (event, video) - talk about ASan, its internals, container overflows, Valgrind, sanitizers and fuzzing
- [PL][2023.10.30] Blockchains 101 (event, slides): entry level talk about blockchains, consensus, PoW vs PoS, mining, wallets, EVM smart contracts and various security pitfalls or issues in blockchain technologies
- [PL][2023.05.10] Close to low level: from CPU and compilers to fast code (event, slides, video) - a talk that first goes over how CPUs work under the hood and why they are fast, and then goes over benchmarks from my bachelor thesis to see why certain things were fast or slow
- [PL][2023.03.21] Virtualization and security (event, slides, video) - a talk with two parts: first, it gives background information on emulation, virtualization, tools used for that and “why would you even need a VM” and then we go over a challenge from HXP CTF 2022 called “Hypersecure” where we need to exploit a buggy hypervisor to escalate privileges on Linux.
2023.04.28 Pykonik Tech Talks #63
- 4 not so lightning talks (slides, video) - a talk about 1) defacing a conference website, 2) weird Postgres replica bug, 3) environment variables “hiding” and 4) CPython 3.11 speed improvements.
2022.11.03 Pykonik Tech Talks #58
2022 - AGH University of Science and Technology, talks for KNI Kernel students club
- [PL][2022.11.17] What the CTF? (event, slides, video)
- [PL][2022.10.25] C/C++ vs Security? (event, slides, video)
- [PL][2022.10.13] Hacking a single player game on Linux (event) - a live demo of applying cheats to games with GDB and Pwndbg
2022.08.12-13 AlligatorCon Europe 2022, Budapest, Hungary
- Hacking a single player game on Linux - a live demo of applying cheats to games with GDB and Pwndbg
2022.07.13-14 - EuroPython 2022
2022.06.24 - WarCon V
- Extending AddressSanitizer support for C++ collections - a talk given along with Tacet about a research project done in Trail of Bits (slides) (EDIT 2024: see also this blog post)
2022.06.04 - Noc Informatyka 1.3
- Hacking a single player game on Linux - a live demo of applying cheats to games with GDB and Pwndbg
2021, 2022 - AGH University of Science and Technology, talks for KNI Kernel students club
- [PL][2022.03.29] How does Docker work under the hood? (event, slides, video) - the talk starts with an overview of Docker (CLI & daemon interaction) and goes deep into some of the Docker internals (namespaces, cgroups, capabilities); it also describes security & insecurity Docker run flags; no time was left to cover seccomp or AppArmor in much detail ;)
- [PL][2021.12.16] Linux & Security part 2 (event link, slides video: TBD) - a talk about logs (dmesg, rsyslogd, journald), useful log examples, the log injection problem (or: when you read logs with tail, cat or adb logcat), a logrotate race condition bug and safer proc filesystem mount options
- [PL][2021.11.15] Linux & Security (event link, slides) - a talk about Linux security where we described things like user vs kernel space isolation, syscalls, what exactly is a “user”, uid or pid in the system, an issue with PIDs being incremental (pid-reuse attack), file types and file permissions + weird cases with those, suid binaries and other file attributes
- [PL][2021.10.25] How to learn IT (slides) - a non-technical talk on how to learn IT/CS
2021.11.25 - Pykonik Tech Talks #55
- CPython bugs review (video, slides) - In this talk we will look into a few bug cases in CPython, some of which are still present and may impose a security risk for admins or organizations.
2020.12.17 - A Midwinter Night’s Con 2020
- Various interesting (and not) bugs case studies (video, slides) - In this talk I present a “cstrnfinder” research where I found many (stupid) bugs related to string operations in C. Apart from that, we look through an insufficient permission check that allowed for a kASLR bypass within kernel modules in certain container environments. We also analyse an insufficient mitigation in the glibc allocator, where changing a few lines of code can make it harder for attackers to exploit buggy applications.
2020.04.25 - Python Pizza, remote @ your couch
- [lightning talk] sudo python is a trap, use isolated mode (video, slides) - a showcase of the “Readline module loading in interactive mode” Python security bug :)
2019.11.14-15 - Security PWNing Conference 2019, Warsaw, Poland
- [PL] Attacking via Linux’s procfs, and Countermeasures for App Developers (slides) - presentation about procfs, the things you can find there, some consequences of those (consider e.g. arbitrary file reads, directory listings with path traversals in both web apps and programs run by users on the system), weird corner cases when depending on readlink /proc/PID/exe or reading the process name from the comm or cmdline files, PIDs (which are not process handles) and PID-reuse attacks and some mitigations along with the new one - pidfd. Also talked about procfs mount options - hidepid and gid.
2019.11.07 - Akamai Affinity Tech Talks, Kraków, Poland
- Semantic safety won’t save you (slides) - showed a sample of security traps in the Python, Go and C programming languages. The topic comes from the fact that both Python and Go handle the hard stuff (e.g. memory/threading/errors/etc) for us and people often consider them “safe” because of the semantics of the language. Though… we still shoot ourselves in the foot despite that “safety”. Also thanks to @b0bbytabl3s for helping out with this topic :).
2019.09.28 - Noc Informatyka 1.2, Kraków, Poland
- [PL] Bebechy kontenerów Dockerowych oraz Grand Theft Ucieczki z uprzywilejowanych kontenerów (slides) - the same presentation as the one made on AlligatorCon. The title ended up too baity though.
2019.09.12-15 - PyConPL 2019, Zawiercie, Poland
- Python internals - how does CPython work? (slides) - a ~2h talk I gave in Polish at AGH; it is a deep dive into CPython and its VM. From the original description: “We will learn about CPython bytecode, PYC files, how to disassemble a Python function or decompile it back from bytecode to Python code. We will look at the flow between launching and executing a Python script. We will also go through CPython VM execution by emulating the execution of a short Python function.”.
- Python internals - let’s talk about dicts - the same talk I gave at Pykonik Tech Talks #43.
- [lightning talk] Regexes WT#? (slides) - showed a DoS in the Django web framework, a wrong regex in Signal-Desktop I found which didn’t have a direct security impact, and reminded about the re.VERBOSE flag.
- [lightning talk] PagedOut! (slides) - described the PagedOut! free zine and my article about hacking Python’s ellipsis
- [lightning talk] Python security issues (slides) - an overview of random existing Python security bugs.
- [lightning talk] Pyyaml WT# (no slides) - a rant about the PyYAML module: there was a 4.1 release that changed safe_load into load, which was reverted and removed from PyPI…, then 5.1 was supposed to make load safer by default but not necessarily disallow it from deserializing Python objects, so it is still insecure.
- [lightning talk] A story of a 3d nickname (slides) - a story about the ‘3d’ origin in my nickname and something about IRC communities o/.
2019.08.16-17 - AlligatorCon Europe 2019, Budapest, Hungary
- Fancy “privileged” Docker container escapes (slides) - a detailed introduction to the Linux kernel features used by Docker (namespaces, cgroups, capabilities, seccomp, AppArmor) and some info about “privileged” escapes. Note: What does privileged mean? I discuss this matter and show that one of the escapes can be narrowed down to --cap-add=SYS_ADMIN --security-opt apparmor=unconfined and explore this environment more.
2019.05.30 - Lecture for KNI Kernel student club at AGH, Kraków, Poland (event link)
- [PL] How does CPython work (slides) - a ~2h talk going deeply into how CPython VM works, giving an example of emulating it and explaining some of the CPython internals.
2019.03.28 - Pykonik Tech Talks #43, Kraków, Poland - streaming
- Python internals - let’s talk about dicts (slides) - a ~45 min talk where we show some different aspects of Python dicts, like hashing, a weird case of hashing -1 value, issues when hashing mutable values or overwriting dicts, examples of extending dicts and an interesting case of updating dicts with not overriding already existing keys’ values.
2019.02.12 - Empire Hacking, New York (link or meetup link)
2018.11.19-20 - Security PWNing Conference 2018, Warsaw, Poland (link)
- [PL] Low level debugging with Pwndbg - slides
2018.11.10 - PUT Security Day, Poznań, Poland (link)
- [PL] Docker security - slides; talk given in Polish (slides were in English). The video can be found here.
2018.10.25 - Pykonik Tech Talks #39 Kraków, Poland (link)
- Docker security (see slides from PUT Security Day) - is root in the container the same as on host? Is it safe to add untrusted user to docker group? How to make your app running in a container safer?
2018.10.15 - 4Developers Kraków, Kraków, Poland (link)
- Let’s play: Code Review - slides
2018.09.27 - Pykonik Tech Talks #38, Kraków, Poland (link)
- [lightning talk] Soft and hard links on Linux: symbolic and physical links - demo about links and some flaws around it (long paths, interesting links in /proc etc) - there were no slides
2018.08.01 - AlligatorCon 2018 (link)
- Python Reversing Challenge - slides
2018.08.23-26 - PyCon PL 2018, Ossa, Poland (link)
- Insecure Things to Avoid in Python - slides - consists of the one from ThaiPy + info about how I hosted my ‘Python-challenges’ challenge
- [lightning talk] Random cool stuff in Python - slides - __dict__, __slots__, exec usages in CPython (namedtuple and Python’s 3.7 dataclasses use those)
- [lightning talk] How does CPython work? - slides
- [lightning talk] How to be a better developer - slides
- [lightning talk] Decrypting Android Ransomware - slides
- [lightning talk-ish] “I hate Portals” aka ReverseMe challenge - slides - a talk about some cool solutions to my ‘Python-challenges’ challenge
2018.06.09 - Noc Informatyka 1.1, Kraków, Poland (link)
- Some insecure Things to Avoid in Python - slides - pickle, yaml, eval (and its pseudosandbox) and safeeval
2018.04.19 - Thai Py, Bangkok, Thailand (link)
- Let’s play code review: how to write better python code first time - slides
2018.02.08 - Thai Py, Bangkok, Thailand (link)
- Insecure Things to Avoid in Python - slides
- [lightning talk] Unix wildcards gone wild (see link from PyCon PL 2016)
2017.08.25-26 - AlligatorCon PL 2017, Kraków, Poland (link)
- Python as a hacker’s toolbox vol 2 - slides
2017.08.17-20 - PyCon PL 2017, Ossa, Poland (link)
- Python as a hacker’s toolbox vol 2 - slides
- [lightning talk] A simple step for better security when using Python - slides
- [lightning talk] Python AST rewriting: ‘how does PyTest do that’ - slides
2016.12.05 - Code Europe Cracow 2016, Kraków, Poland (link; note: conference link ~expired)
- [PL] Capture The Flag: interesting way of spending time - slides
2016.10.13-16 - PyCon PL 2016, Ossa, Poland (link)
2016.06.03 - Noc informatyka 1.0, Kraków, Poland (link)
- [PL] Unusual debugging tools - slides and examples
2012-2017 - KNI Kernel Computer Science Organisation, AGH UST, Kraków, Poland
- [PL] CTFs - similar talk to the one at Code Europe conference
- [PL] Shells, buffering and IPython - slides
- [PL] How to learn IT - slides
- [PL] Not working for me either - debugging tools for Linux and Windows - no slides, covered GDB debugging, linux tracers (ltrace, strace), Valgrind, Windows Sysinternals, Dependency Walker and debugging through IDEs - PyCharm and Visual Studio. Done with my friend Alex.
- [PL] Python from scratch course, held with my friend Alex; materials.
- [PL] CTF workshops (2016, 2017) - many different topics, mainly low level ones but not only; see materials.
2016-2017 - for various university classes assignments at AGH UST, Kraków, Poland
- [PL] SQLi, XSS, CSRF: some vulnerabilities from web applications - slides - presented and demoed some vulns and exploitation techniques for web applications. Co-authored with Magdalena Jaroszyńska.
- [PL] 1/3: Reverse engineering and finding and exploiting bugs in native apps for x86/x86_64 - slides - introductory presentation to show my master thesis topic for a diploma seminar. Described a few low level concepts - processor registers, basic x86 assembly instructions, the call, leave, ret instructions flow and some bug sources in applications.
- [PL] 2/3: Reverse engineering and finding and exploiting bugs in native apps for x86/x86_64 - slides - mid-semester presentation; showed the process of solving a reverse-engineering CTF challenge: from inspecting the binary, disassembling it, decompiling it via IDA Pro, inspecting the program’s strings, finding the winning condition, dynamic analysis via debugging to find out which global values correspond to which game objects, and solving the winning-condition equations through the Z3 theorem prover. The talk also showed how code instrumentation, here AddressSanitizer, helps in finding bugs, how a stack-buffer-overflow can be exploited, how to find out ELF binary mitigations and various techniques an attacker can use to exploit bugs (shellcodes, overwriting GOT, ROP chains).
- [PL] 3/3: Reverse engineering and finding and exploiting bugs in native apps for x86/x86_64 - slides - a summary presentation where I showed how an ELF maps to memory, listed processes for finding bugs, described fuzzing and symbolic execution, showed an interesting heap-related bug and more.