My talks

Below you can see a list of talks or workshops I have given for various events along with slides/videos/materials links. If the particular record has a [PL] before it - it means it was made in Polish language.

The convention for a given event is date - name, location. The [lightning talk] tag means the talk took ~5 minutes and was probably prepared just before presenting it or during the event, as an idea to cotribute some more ;).

2023.10.20 The H@ck Summit, Warsaw, Poland

• [PL] Hakowanie CTFowego hypervisora (x86-64) i przypadkowy 0day - a talk about a QEMU emulation 0day related to nested VMs (slides)

2023.09.20 Rust Cracow #1 meetup, Kraków, Poland

• 2 Lightning talks about: Taint Tracking in Rust and about Serde’s serialize_struct quirk (slides)

2023.08.23-25 AlligatorCon Europe 2023, Budapest, Hungary

• Hacking a toy hypervisor and finding a QEMU emulation 0day (slides, though there were live demos too)
• 3 Lightning talks:
  • Hacking kiosks (slides)
  • GDB & QEMU improvements and set scheduler-locking on feature (slides)
  • “Collector” task from PlaidCTF 2023 aka Postgres replica “bug” (slides from here)

2023.05.25 Pykonik Tech Talks #64

• 4 not so lightning talks (slides, stream) - a case of optimizing Pwndbg “vis_heap_chunk” command, LibCST: CodeMods and QRinception

2023 - AGH University of Science and Technology, talks for KNI Kernel students club

• [PL][2023.11.27] AddressSanitizer - tool to detect memory corruption bugs in native programs (event, video) - talk about ASan, its internals, container overflows, Valgrind, sanitizers and fuzzing
• [PL][2023.10.30] Blockchains 101 (event, slides): entry level talk about blockchains, consensus, PoW vs PoS, mining, wallets, EVM smart contracts and various security pitfalls or issues in blockchain technologies
• [PL][2023.05.10] Close to low level: from CPU and compilers to fast code (event, slides, video) - a talk that first goes over how CPU works under the hood or/and why they are fast and then we go over benchmarks from my bachelor thesis to see why certain things were fast or slow
• [PL][2023.03.21] Virtualization and security (event, slides, video) - a talk with two parts: first, it gives background information on emulation, virtualization, tools used for that and “why would you even need a VM” and then we go over a challenge from HXP CTF 2022 called “Hypersecure” where we need to exploit a buggy hypervisor to escalate privileges on Linux.

2023.04.28 Pykonik Tech Talks #63

• 4 not so lightning talks (slides, video) - a talk about 1) defacing a conference website, 2) weird Postgres replica bug, 3) environment variables “hiding” and 4) CPython 3.11 speed improvements.

2022.11.03 Pykonik Tech Talks #58

• Secure your Python code with fuzz testing (slides, video)

2022 - AGH University of Science and Technology, talks for KNI Kernel students club

• [PL][2022.11.17] What the CTF? (event, slides, video)
• [PL][2022.10.25] C/C++ vs Security? (event, slides, video)
• [PL][2022.10.13] Hacking a single player game on Linux (event) - a live demo of applying cheats to games with GDB and Pwndbg

2022.08.12-13 AlligatorCon Europe 2022, Budapest, Hungary

• Hacking a single player game on Linux - a live demo of applying cheats to games with GDB and Pwndbg

2022.07.13-14 - EuroPython 2022

• CPython bugs (video, slides)
• [lightning talk] Programming is hard pt. 1 (video, slides)

2022.06.24 - WarCon V

• Extending AddressSanitizer support for C++ collections - a talk given along with Tacet about a research project done in Trail of Bits (slides)

2022.06.04 - Noc Informatyka 1.3

• Hacking a single player game on Linux - a live demo of applying cheats to games with GDB and Pwndbg

2021, 2022 - AGH University of Science and Technology, talks for KNI Kernel students club

• [PL][2022.03.29] How does Docker work under the hood? (event, slides, video) - the talk starts with an overview of Docker (CLI & daemon interaction) and goes deep into some of the Docker internals (namespaces, cgroups, capabilities); it also describes security & insecurity Docker run flags; no time was left to cover seccomp or AppArmor in much details ;)
• [PL][2021.12.16] Linux & Security part 2 (event link, slides video: TBD) - a talk about logs (dmesg, rsyslogd, journald), useful logs examples, log injection problem (or: when you read logs with tail, cat or adb logcat), a logrotate race condition bug and a safer proc filesystem mount options
• [PL][2021.11.15] Linux & Security (event link, slides) - a talk about Linux security where we described things like user vs kernel space isolation, syscalls, what exactly is a “user”, uid or pid in the system, an issue with PIDs being incremental (pid-reuse attack), file types and file permissions + weird cases with those, suid binaries and other file attributes
• [PL][2021.10.25] How to learn IT (slides) - a non-technical talk on how to learn IT/CS

2021.11.25 - Pykonik Tech Talks #55

• CPython bugs review (video, slides) - In this talk we will look into a few bug cases in CPython, some of which are still present and may impose a security risk for admins or organizations.

2020.12.17 - A Midwinter Night’s Con 2020

• Various interesting (and not) bugs case studies (video, slides) - In this talk I will present a “cstrnfinder” research where I found many (stupid) bugs related to string operations in C. Apart from that, we will look through an insufficient permission check that allowed for kASLR bypass within kernel modules in certain container environments. We will also analyse a not sufficient mitigation in glibc allocator, where changing a few lines of code can make it harder for attackers to exploit buggy applications.

2020.04.25 - Python Pizza, remote @ your couch

• [lightning talk] sudo python is a trap, use isolated mode (video, slides) - a showcase of the “Readline module loading in interactive mode” Python security bug :)

2019.11.14-15 - Security PWNing Conference 2019, Warsaw, Poland

• [PL] Attacking via Linux’s procfs, and Countermeasures for App Developers (slides) - presentation about procfs, the things you can find there, some consequences of those (consider e.g. arbitrary file reads, directory listings with path traversals in both web apps and programs run by users on the system), weird corner cases when depending on readlink /proc/PID/exe or reading process name from comm or cmdline files, PIDs (which are not process handles) and PID-reuse attacks and some mitigations along with the new one - pidfd. Also talked about procfs mount options - hidepid and gid.

2019.11.07 - Akamai Affinity Tech Talks, Kraków, Poland

• Semantic safety won’t save you (slides) showed a sample of security traps in Python, Go and C programming languages. The topic comes from the fact that both Python and Go handle the hard stuff (e.g. memory/threading/errors/etc) for us and people often consider them “safe” because of the semantics of the language. Though… we still shoot ourself in the foot despite that “safety”. Also thanks to @b0bbytabl3s for helping up with this topic :).

2019.09.28 - Noc Informatyka 1.2, Kraków, Poland

• [PL] Bebechy kontenerów Dockerowych oraz Grand Theft Ucieczki z uprzywilejowanych kontenerów (slides) - the same presentation as the one made on AlligatorCon. The title ended up too baity though.

2019.09.12-15 - PyConPL 2019, Zawiercie, Poland

• Python internals - how does CPython work? (slides) - a ~2h talk I gave in polish at AGH; it is a deep dive into CPython and its VM. From the original description: “We will learn about CPython bytecode, PYC files, how to disassemble a Python function or decompile it back from bytecode to Python code. We will look at the flow between launching and executing a Python script. We will also go through CPython VM execution by emulating the execution of a short Python function.”.
• Python internals - let’s talk about dicts - the same talk I gave at Pykonik Tech Talks #43.
• [lightning talk] Regexes WT#? (slides) - showed a DoS in Django web framework, wrong regex in Signal-Desktop I found which didn’t have a direct security impact and reminded about re.VERBOSE flag.
• [lightning talk] PagedOut! (slides - described the PagedOut! free zine and my article about hacking Python’s ellipsis
• [lightning talk] Python security issues (slides - an overview over random existing Python security bugs.
• [lightning talk] Pyyaml WT# (no slides) - a rant about PyYaml module: there was a 4.1 relase that changed safe_load into load which was reverted and removed from pypi…, then 5.1 was supposed to make load safer by default but not necessarily disallowing it to deserialize Python objects, so it is stil insecure.
• [lightning talk] A story of a 3d nickname (slides - a story about ‘3d’ origin in my nickname and something about IRC communities o/.

2019.08.16-17 - AlligatorCon Europe 2019, Budapest, Hungary

• Fancy “privileged” Docker container escapes (slides) - a detailed introduction to the Linux kernel features used by Docker (namespaces, cgroups, capabilities, seccomp, AppArmor) and some info about “privileged” escapes. Note: What does privileged mean? I discuss this matter and show that one of escapes can be pointed down to --cap-add=SYS_ADMIN --security-opt apparmor=unconfined and explore this environnment more.

2019.05.30 - Lecture for KNI Kernel student club at AGH, Kraków, Poland (event link)

• [PL] How does CPython work (slides) - a ~2h talk going deeply into how CPython VM works, giving an example of emulating it and explaining some of the CPython internals.

2019.03.28 - Pykonik Tech Talks #43, Kraków, Poland - streaming

• Python internals - let’s talk about dicts (slides) - a ~45 min talk where we show some different aspects of Python dicts, like hashing, a weird case of hashing -1 value, issues when hashing mutable values or overwriting dicts, examples of extending dicts and an interesting case of updating dicts with not overriding already existing keys’ values.

2019.02.12 - Empire Hacking, New York (link or meetup link)

• Low level debugging with Pwndbg - slides - more robust version of this talk; demo examples here.

2018.11.19-20 - Security PWNing Conference 2018, Warsaw, Poland (link)

• [PL] Low level debugging with Pwndbg - slides

2018.11.10 - PUT Security Day, Poznań, Poland (link)

• [PL] Docker security - slides; talk given in Polish (slides were in English). The video can be found here.

2018.10.25 - Pykonik Tech Talks #39 Kraków, Poland (link)

• Docker security (see slides from PUT Security Day) - is root in the container the same as on host? Is it safe to add untrusted user to docker group? How to make your app running in a container safer?

2018.10.15 - 4Developers Kraków, Kraków, Poland (link)

• Let’s play: Code Review - slides

2018.09.27 - Pykonik Tech Talks #38, Kraków, Poland (link)

• [lightning talk] Soft and hard links on Linux: symbolic and physical links - demo about links and some flaws around it (long paths, interesting links in /proc etc) - there were no slides

2018.08.01 - AlligatorCon 2018 (link)

• Python Reversing Challenge - slides

2018.08.23-26 - PyCon PL 2018, Ossa, Poland (link)

• Insecure Things to Avoid in Python - slides - consists of the one from ThaiPy + info about how I hosted my ‘Python-challenges’ challenge
• [lightning talk] Random cool stuff in Python - slides - __dict__, __slots__, exec usages in CPython (namedtuple and Python’s 3.7 dataclasses use those)
• [lightning talk] How does CPython work? - slides
• [lightning talk] How to be a better developer - slides
• [lightning talk] Decrypting Android Ransomware - slides
• [lightning talk-ish] “I hate Portals” aka ReverseMe challenge - slides - a talk about some cool solutions to my ‘Python-challenges’ challenge

2018.06.09 - Noc Informatyka 1.1, Kraków, Poland (link)

• Some insecure Things to Avoid in Python - slides - pickle, yaml, eval (and its pseudosandbox) and safeeval

2018.04.19 - Thai Py, Bangkok, Thailand (link)

• Let’s play code review: how to write better python code first time - slides

2018.02.08 - Thai Py, Bangkok, Thailand (link)

• Insecure Things to Avoid in Python - slides
• [lightning talk] Unix wildcards gone wild (see link from PyCon PL 2016)

2017.08.25-26 - AlligatorCon PL 2017, Kraków, Poland (link)

• Python as a hacker’s toolbox vol 2 - slides

2017.08.17-20 - PyCon PL 2017, Ossa, Poland (link)

• Python as a hacker’s toolbox vol 2 - slides
• [lightning talk] A simple step for better security when using Python - slides
• [lightning talk] Python AST rewriting: ‘how does PyTest do that’ - slides

2016.12.05 - Code Europe Cracow 2016, Kraków, Poland (link; note: conference link ~expired)

• [PL] Capture The Flag: interesting way of spending time - slides

2016.10.13-16 - PyCon PL 2016, Ossa, Poland (link)

• [lightning talk] Capture The Flag - slides
• [lightning talk] Unix wildcards gone wild - slides

2016.06.03 - Noc informatyka 1.0, Kraków, Poland (link)

• [PL] Unusual debugging tools - slides and examples

2012-2017 - KNI Kernel Computer Science Organisation, AGH UST, Kraków, Poland

• [PL] CTFs - similar talk to the one at Code Europe conference
• [PL] Shells, buffering and IPython - slides
• [PL] How to learn IT - slides
• [PL] Not working for me either - debugging tools for Linux and Windows - no slides, covered GDB debugging, linux tracers (ltrace, strace), Valgrind, Windows Sysinternals, Dependency Walker and debugging through IDEs - PyCharm and Visual Studio. Done with my friend Alex.
• [PL] Python from scratch course, held with my friend Alex; materials.
• [PL] CTF workshops (2016, 2017) - many different topics, mainly low level ones but not only; see materials.

2016-2017 - for various university classes assignments at AGH UST, Kraków, Poland

• [PL] SQLi, XSS, CSRF: some vulnerabilities from web applications - slides - presented and demoed about some vulns and exploitation techniques for web applications. Co-authored with Magdalena Jaroszyńska.
• [PL] 1/3: Reverse engineering and finding and exploitting bugs in native apps for x86/x86_64 - slides - introduction presentation to show up my master thesis topic for a diploma seminar. Described few low level concepts - processor registers, x86 assembly basic instructions, the call, leave, ret instrtuctions flow and some bug sources in applications.
• [PL] 2/3: Reverse engineering and finding and exploitting bugs in native apps for x86/x86_64 - slides - mid-semester presentation; showed a process of solving a reverse-engineering CTF challenge: from inspecting the binary, deassembling it, decompiling it via IDA Pro, inspecting program’s strings, finding the winning condition, dynamic analysis via debbugging to find out which global values corresponds to which game objects and solving winning-condition equations through Z3 theorem prover. The talk also shown how code instrumentation, here address sanitizer, helps finding bugs, how a stack-buffer-overflow can be exploited, how to find out ELF binaries mitigations and various techniques an attacker can use to exploit bugs (shellcodes, overwriting GOT, ROP chains).
• [PL] 3/3: Reverse engineering and finding and exploitting bugs in native apps for x86/x86_64 - slides - a summary presentation where I showed how ELF maps to memory, listed processes for finding bugs, described fuzzing and symbolic execution, showed an interesting heap-related bug and more.