$ publications // msm's home

Talks

2016-10 - Virus Bulletin 2016 - Nymaim - the Untold Story 🇬🇧 [video] (with mak)
2016-10 - Security BSides Warsaw 2016 - How to Capture a Flag? 🇵🇱 [video] (with Mateusz Szymaniec)
2017-03 - Warszawskie Dni Informatyki 2017 - From hacker’s e-sport to job in IT security 🇵🇱 (with Mateusz Szymaniec)
2017-10 - Virus Bulletin 2017 - Peering into Spam Botnets 🇬🇧 (with mak)
2017-10 - Security BSides Warsaw 2017 - Practical Cryptography [video]
2017-12 - BotConf 2017 - Tracking Botnets With Bots 🇬🇧 (with psrok1)
2018-11 - Secure 2018 - mquery, or how to find malware in a sea of samples 🇵🇱
2019-06 - Let’s Play Częstochowa 2019 - IT Security vs computer games 🇵🇱
2020-01 - No Such Meetup 2020 - My Kernel is My Castle 🇵🇱 (pdf)
2020-06 - Secure EarlyBirds 2019 - Automated decompilation and correlation of malicious software 🇵🇱
2020-06 - Secure EarlyBirds 2020 - Evil Data For Good Cause 🇵🇱
2020-06 - CSIRT Network 2020 - Malware Hunting With Yara 🇬🇧
2020-12 - Oh My Hack 2020 - How to setup your kubernetes cluster (not) 🇵🇱
2022-11 - Secure EarlyBirds 2022 - Decrypt Ransomware or Die Trying 🇵🇱
2022-12 - Oh My Hack 2022 - APT as a Reverse Engineer 🇵🇱
2023-12 - Oh My Hack 2023 - Talking with stealers 🇵🇱

Publications

“Programista” Magazine" (PL only) 🇵🇱

2015-05 - PHP Core (with Mateusz Szymaniec)
2015-09 - Rhinoxorus (with Mateusz Szymaniec)
2015-12 - Rsabin (with Stanislaw Podgorski)
2016-05 - People’s Square (with Stanislaw Podgorski)
2016-07 - Blackbox (with akrasuski1)
2016-10 - PWNing 2016 CTF writeups (with multiple members of p4 team)
2017-01 - (Still) Broken Box (with Stanislaw Podgorski)
2017-06 - User authentication in web applications using public key infrastructure (with Michał Leszczyński)
2017-07 - WCTF 2017 - p4 challenges (with Stanislaw Podgorski)
2017-09 - Practical Cryptography: Cryptographic Hashes and Signatures (with Michał Leszczyński)
2017-10 - Practical Cryptography: Block Ciphers
2018-04 - Capture the Data Thief
2018-06 - Midnight Sun 2018 - Badchair
2018-08 - Find a needle in a data haystack
2018-12 - Threat models in practice
2019-01 - CONFidence 2019 Teaser - Watchmen
2019-04 - CONFidence 2019 Finals - Gothic
2020-01 - DragonCTF 2019 - Arcane Sector
2021-05 - Malware analysis - Decrypt the undecryptable
2024-03 - The art of malware emulation - talking with a botnet

Projects

2015+ - p4-team/ctf: (a lot of) writeups from CTF challenges
2016 - nymaim-tools: open sourced nymaim dissector
2018+ - ursadb: A fast trigram database
2018+ - mquery: Yara query accelerator
2024 - GhidraCtrlP: Ctrl+P plugin for Ghidra: quick search and command palette.
2024 - ghidralib: A Pythonic Ghidra standard library.

Workshops

2016+ - Multiple commercial malware analysis trainings
2017 - (lighthearted) Fast Track to Reverse Engineering 🇵🇱
2019+ - Multiple commercial Kubernetes security trainings
2022+ - Threat information pipelines (often with Paweł Pawliński)
- This training was conducted by me for international CERT community in Uganda, Malawi, Dominican Republic, Chile, Cyprus and Albania during FIRST and ITU events.
2024+ - Introduction to malware analysis for CERTs (co-prepared with Paweł Pawliński)
- This training was conducted by me for international CERT community in Peru and Bulgaria during FIRST and ITU events.

Blog posts elsewhere

cert.pl (🇬🇧 version)

2017-01 - Technical analysis of CryptoMix/CryptFile2 ransomware
2017-01 - Evil: A poor man’s ransomware in JavaScript
2017-01 - Nymaim revisited
2017-02 - Sage 2.0 analysis
2017-05 - Mole ransomware: analysis and decryptor
2017-10 - A deeper look at Tofsee modules
2018-01 - Mtracker - our take on malware tracking)
2020-12 - Set up your own malware analysis pipeline with Karton
2021-04 - Karton Gems 1: Getting Started
2021-04 - Karton Gems 2: Your first karton
2021-05 - Karton Gems 3: Malware extraction with malduck
2023-02 - A tale of Phobos - how we almost cracked a ransomware using CUDA (with nazywam)
2023-09 - Unpacking what’s packed: DotRunPeX analysis
2023-10 - Deworming the XWorm
2025-04 - Deobfuscation Techniques: Peephole Deobfuscation

cert.pl (🇵🇱 version)

2017-01 - Analiza techniczna rodziny CryptoMix/CryptFile2
2017-01 - Evil: prosty ransomware, napisany w języku JavaScript
2017-01 - Nymaim atakuje ponownie
2017-02 - Analiza Sage 2.0
2017-05 - Mole ransomware - analiza i dekryptor
2017-10 - Głębsze spojrzenie na moduły Tofsee
2018-01 - Mtracker - nasz sposób na śledzenie złośliwego oprogramowania

symantec-enterprise-blogs.security.com

(Important: NOT written by me. All posts are a collaboration with a people from my team. These are just ones where I contributed, usually by reverse-engineering samples.)

Others

A series of articles on 4programmers.net: Raytracing step by step 🇵🇱

2012-06 - 1. First steps (PL)
2012-06 - 2. Better camera (PL)
2012-07 - 3. Planes (PL)
2012-07 - 4. Light (PL)
2012-08 - 5. Shadow (PL)
2012-08 - 6. Phong’s model (PL)
2012-09 - 7. Mirror reflection (PL)
2012-09 - 8. Sampling and Antialiasing (PL)
2012-10 - 9. Depth of field (PL)
2012-10 - 10. Soft Shading (PL)
2012-11 - 11. Transparency (PL)

University of Warsaw, guest Lectures about RE and Cryptography 🇵🇱

2017-03 - 6. Cryptography 3: Block Ciphers (with Adam Iwaniuk)
2017-04 - 7. Cryptography 4: Randomness and Pseudo- (with Adam Iwaniuk)
2017-05 - 10. Reverse Engineering 3: Debugging and Anti- (with psrok1)

Politechnika Warszawska, guest Lectures about Cryptography 🇵🇱

2017-10 - 5. Cryptography 1: Block Ciphers (with Adam Iwaniuk)
2017-11 - 6. Cryptography 2: Square Attacks and PRNG (with Adam Iwaniuk)
2017-11 - 7. Cryptography 3: RSA (with Adam Iwaniuk)

Politechnika Warszawska, guest Lectures about Malware 🇵🇱

2019-11 - 4. Attacks making use of malicious software (with psrok1)
2019-11 - 5. Introduction to malware reverse engineering (with psrok1)