$ publications
Talks
2016-10- Virus Bulletin 2016 - Nymaim - the Untold Story 🇬🇧 [video] (with mak)2016-10- Security BSides Warsaw 2016 - How to Capture a Flag? 🇵🇱 [video] (with Mateusz Szymaniec)2017-03- Warszawskie Dni Informatyki 2017 - From hacker’s e-sport to job in IT security 🇵🇱 (with Mateusz Szymaniec)2017-10- Virus Bulletin 2017 - Peering into Spam Botnets 🇬🇧 (with mak)2017-10- Security BSides Warsaw 2017 - Practical Cryptography [video]2017-12- BotConf 2017 - Tracking Botnets With Bots 🇬🇧 (with psrok1)2018-11- Secure 2018 - mquery, or how to find malware in a sea of samples 🇵🇱2019-06- Let’s Play CzÄ™stochowa 2019 - IT Security vs computer games 🇵🇱2020-01- No Such Meetup 2020 - My Kernel is My Castle 🇵🇱 (pdf)2020-06- Secure EarlyBirds 2019 - Automated decompilation and correlation of malicious software 🇵🇱2020-06- Secure EarlyBirds 2020 - Evil Data For Good Cause 🇵🇱2020-06- CSIRT Network 2020 - Malware Hunting With Yara 🇬🇧2020-12- Oh My Hack 2020 - How to setup your kubernetes cluster (not) 🇵🇱2022-11- Secure EarlyBirds 2022 - Decrypt Ransomware or Die Trying 🇵🇱2022-12- Oh My Hack 2022 - APT as a Reverse Engineer 🇵🇱2023-12- Oh My Hack 2023 - Talking with stealers 🇵🇱
Publications
“Programista” Magazine" (PL only) 🇵🇱
2015-05- PHP Core (with Mateusz Szymaniec)2015-09- Rhinoxorus (with Mateusz Szymaniec)2015-12- Rsabin (with Stanislaw Podgorski)2016-05- People’s Square (with Stanislaw Podgorski)2016-07- Blackbox (with akrasuski1)2016-10- PWNing 2016 CTF writeups (with multiple members of p4 team)2017-01- (Still) Broken Box (with Stanislaw Podgorski)2017-06- User authentication in web applications using public key infrastructure (with MichaÅ‚ LeszczyÅ„ski)2017-07- WCTF 2017 - p4 challenges (with Stanislaw Podgorski)2017-09- Practical Cryptography: Cryptographic Hashes and Signatures (with MichaÅ‚ LeszczyÅ„ski)2017-10- Practical Cryptography: Block Ciphers2018-04- Capture the Data Thief2018-06- Midnight Sun 2018 - Badchair2018-08- Find a needle in a data haystack2018-12- Threat models in practice2019-01- CONFidence 2019 Teaser - Watchmen2019-04- CONFidence 2019 Finals - Gothic2020-01- DragonCTF 2019 - Arcane Sector2021-05- Malware analysis - Decrypt the undecryptable2024-03- The art of malware emulation - talking with a botnet
Projects
2015+- p4-team/ctf: (a lot of) writeups from CTF challenges2016- nymaim-tools: open sourced nymaim dissector2018+- ursadb: A fast trigram database2018+- mquery: Yara query accelerator
Workshops
2016+- Multiple commercial malware analysis trainings2017- (lighthearted) Fast Track to Reverse Engineering 🇵🇱2019+- Multiple commercial Kubernetes security trainings2022+- Threat information pipelines (often with Paweł Pawliński)- A variation of this training was conducted by me in Uganda, Malawi, Dominican Republic, Chile, Cyprus and Albania during related FIRST, ITU and other events.
Blog posts elsewhere
cert.pl (🇬🇧 version)
2017-01- Technical analysis of CryptoMix/CryptFile2 ransomware2017-01- Evil: A poor man’s ransomware in JavaScript2017-01- Nymaim revisited2017-02- Sage 2.0 analysis2017-05- Mole ransomware: analysis and decryptor2017-10- A deeper look at Tofsee modules2018-01- Mtracker - our take on malware tracking)2020-12- Set up your own malware analysis pipeline with Karton2021-04- Karton Gems 1: Getting Started2021-04- Karton Gems 2: Your first karton2021-05- Karton Gems 3: Malware extraction with malduck2023-02- A tale of Phobos - how we almost cracked a ransomware using CUDA (with nazywam)2023-09- Unpacking what’s packed: DotRunPeX analysis2023-10- Deworming the XWorm
cert.pl (🇵🇱 version)
2017-01- Analiza techniczna rodziny CryptoMix/CryptFile22017-01- Evil: prosty ransomware, napisany w języku JavaScript2017-01- Nymaim atakuje ponownie2017-02- Analiza Sage 2.02017-05- Mole ransomware - analiza i dekryptor2017-10- Głębsze spojrzenie na moduły Tofsee2018-01- Mtracker - nasz sposób na śledzenie złośliwego oprogramowania
symantec-enterprise-blogs.security.com
(Important: NOT written by me. All posts are a collaboration with a people from my team. These are just ones where I contributed, usually by reverse-engineering samples.)
2022-04- Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine2022-04- Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets2022-09- Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics2022-09- Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East2022-10- Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong2022-11- Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries2023-01- Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa
Others
A series of articles on 4programmers.net: Raytracing step by step 🇵🇱
2012-06- 1. First steps (PL)2012-06- 2. Better camera (PL)2012-07- 3. Planes (PL)2012-07- 4. Light (PL)2012-08- 5. Shadow (PL)2012-08- 6. Phong’s model (PL)2012-09- 7. Mirror reflection (PL)2012-09- 8. Sampling and Antialiasing (PL)2012-10- 9. Depth of field (PL)2012-10- 10. Soft Shading (PL)2012-11- 11. Transparency (PL)
University of Warsaw, guest Lectures about RE and Cryptography 🇵🇱
2017-03- 6. Cryptography 3: Block Ciphers (with Adam Iwaniuk)2017-04- 7. Cryptography 4: Randomness and Pseudo- (with Adam Iwaniuk)2017-05- 10. Reverse Engineering 3: Debugging and Anti- (with psrok1)
Politechnika Warszawska, guest Lectures about Cryptography 🇵🇱
2017-10- 5. Cryptography 1: Block Ciphers (with Adam Iwaniuk)2017-11- 6. Cryptography 2: Square Attacks and PRNG (with Adam Iwaniuk)2017-11- 7. Cryptography 3: RSA (with Adam Iwaniuk)
Politechnika Warszawska, guest Lectures about Malware 🇵🇱
2019-11- 4. Attacks making use of malicious software (with psrok1)2019-11- 5. Introduction to malware reverse engineering (with psrok1)