gynvael.coldwind//vx

2025年06月18日: Paged Out! prints are here, and so is #7 CFP deadline

Paged Out! was always intended as a PDF+print zine, but the "print" part turned out to be pretty elusive. We actually did an initial test print of 500 copies in 2019 for a conference I've co-organized (Security PWNing), but that's it. Until last month that is, when we pretty much got back on track with prints — both free prints for events, and — additionally — print on demand if someone wants to buy a copy. We actually also updated the website with a lot of print-related information.

So let's cut to the chase — how to get printed Paged Out!?

• You can buy it in the first print-on-demand online bookstore we onboarded: lulu.com/spotlight/pagedout
  Note: there's a normal edition, and there are spon sor ship editions — there's no difference between them apart from the price and the back cover; get a sponsorship one if you want to show additional love for the zine :)
• You can collect one for free at one of these events: pagedout.institute/?page=event-prints.php
  Note: Revisit this list from time to time — it keeps growing.
• And finally, you can print it yourself: pagedout.institute/?page=personal-prints.php

At the same time if you or your company would like to sponsor some Paged Out! prints for a specific event or in general, please let us know (prints AT pagedout DOT institute).

So far only issue #6 is available, but we're working on getting all of them out there, including older ones. We're basically going one by one, first #5, then #4, and so on.

Speaking of issues — Call For Articles for issue #7 now has a soft deadline: 30 June 2025

As usual, we're accepting technical 1-page articles about everything interesting related to computers, electronics, radio, and so on. See pagedout.institute/?page=cfp.php for details.

Note: We're having problems getting articles about retro computers, speedrunning, and movement techniques in games (e.g. Apex Legends), so if you can write about that, please do; and if you know someone who could write something about this, please ping them. Of course all the usual topics are welcomed too, as always.

[ 0 comments ]

2025年11月10日: OSINT CTF i webinary organizowane przez NASK - 24-25 listopada 2025

NASK - Państwowy Instytut Badawczy, z którym niedawno wspólnie organizowaliśmy finały European Cybersecurity Challenge 2025, idzie za ciosem i przygotował kolejny CTF, tym razem z tematyki OSINT — OSINT CTF 2025 (24-25 listopada 2025; rejestracja tylko do 21.11.25 r.).

Co ciekawe, zawody będą poprzedzone czteroma darmowymi webinarami edukacyjnymi prowadzonymi przez ekspertów z zakresu cyberbezpieczeństwa i analizy danych (z czego dwa się już odbyły i będzie można je obejrzeć na kanale NASK na YouTubie):

• 4.11 18:00 – webinar Filip Szulik-Szarecki, OAD NASK; "Wprowadzenie do OSINT-u. Przydatne narzędzia w pracy analityka"
• 6.11 18:00 – webina Filip Głowacz, OAD NASK; "Trolle, boty i Telegram. Rosyjska dezinformacja"."
• 13.11 18:00 – webinar Patryk Grażewicz, Stowarzyszenie Pravda; "Fact-checking w pracy analityka."
• 17.11 18:00 – webinar dr hab. Daniel Mider, wykłądowca UW ds. infobrokeringu i cyberterroryzmu; "Bezpieczeństwo specjalisty OSINT & perspektywa rozwoju branży."

• Strona wydarzenia: https://osint-ctf.pl/
• Rejestracja na CTF: https://osint-ctf.pl/rejestracja
• Rejestracja na webinary: https://media2.clickmeeting.com/

GL & HF!

[ 1 komentarz ]

Five newest or recently updated notes (these are unfinished posts, code snippets, links or commands I find useful but always forget, and other notes that just don't fit on the blog):

• 2024年12月19日: End of Year Talk Watchlist 2024
• 2023年01月17日: AI related lawsuits
• 2022年07月31日: Python "sandbox" escape
• 2021年09月15日: C++ Hello World!
• 2021年08月02日: 8-bit number to binary string ("01011010") [C/C++]

Click here for a list of all notes.

• DLL shared sections: a ghost of the past - research notes taken while revisiting the infamous DLL shared sections; also, a description of finding and exploiting a Cygwin vulnerability. See also this post and these tools.
• PHP LFI to arbitratry code execution via rfc1867 file upload temporary files is an attempt to bring a specific LFI exploitation technique to common knowledge. You might also want to check out a follow-up paper by Brett Moore.
• Exploiting the otherwise non-exploitable - Windows Kernel-mode GS Cookies subverted described the internal mechanisms of generating GS cookies in drivers and a way to predict them.
• GDT and LDT in Windows kernel vulnerability exploitation is another paper I've written with j00ru, this time about using call-gates in kernel exploitation - quite a cool method since it works even if you have only a 1-byte write-what-where condition.

Some conference slides are linked at the bottom of this page.

• A few Microsoft Windows privilege escalations and some DoSes patched by MS10-021 and MS10-011 - this research was presented on HITB Dubai 2010 and CONFidence 2010 (video available here).
• Well, actually a few more bugs in Windows kernel and drivers discovered during our Bochspwn research (see this post and this one) using our kfetch-toolkit. They were patched in MS13-016, MS13-017, MS13-031 and MS13-036.
• Adobe Reader 9.5.1 and 10.1.3 multiple vulnerabilities - 62 unique crashes, from that 31 trivially exploitable and 9 more potentially exploitable, 11 CVE's assigned (CVE-2012-4149 to CVE-2012-4160). Some of these bugs were fixed for Windows and OSX releases of Adobe Reader in APSB12-16.
• Adobe Flash had also quite a lot of fixes (around 60 CVEs assigned). Some details can be found in these bulletins (in random order): APSB12-27, APSB12-24, APSB12-22, APSB13-17, APSB13-14, APSB13-11, APSB13-09, APSB13-05 and APSB13-01.
• Contributed to discovery of multiple low-to-high vulnerabilities in Google Chrome (CVE-2012-2851, CVE-2012-2855, CVE-2012-2856, CVE-2012-2862, CVE-2012-2863 and some other) - some of these were mentioned in this post.
• A lot of bugs in ffmpeg and libav which resulted in 892 (sic!) patches in ffmpeg and 299 patches in libav (CVE-2011-3930 to CVE-2011-3952 and some other).
• Cygwin cygwin1.dll shared section local privilege escalation (demo video) - discovered while revisiting old-school classes of bugs (see paper above).
• Two minor bugs in PuTTY and aterm and rxvt found while playing with terminal control codes. Put here to create some illusion of diversity.
• Mozilla Firefox 2.0.0.11 and Opera 9.50 information leak, also midly affected Safair, Konqueror and some other products (CVE-2007-6524, CVE-2008-0420, CVE-2008-0894, CVE-2008-1573). A demo video is also available.
• A small but funny bug in Total Commander 7.01 - an FTP client gets attacked by the server, leading to a path traversal.
• And there were also these two: a local privilege escalation that required a USB stick of death, and a funny compiler bug.

The full list of vulnerabilities discovered by me (including collaborative work) can be found here (please note that the list might be out of date).

The Google Application Security / Research site might also contain some of my findings.

• Unicode fun: PHP preg_match and UTF-8 with analysis of what happens when you forget that UTF-8 is multibyte; and a String-to-Integer vs Unicode - yes, the standard 0-9 digits are not the only ones supported by programming languages or unicode (see also this post).
• Digging deeper into C/C++: internals of static variables initialization, a discussion with myself about NULL/nullptr, the curious case of int a=5; a=a++ + ++a;, and what happens when scanf/atoi/strtol get an overly large number. Also, a way to magically make a list of functions at compilation time, and a way to create naked functions in gcc/g++ (or rather pure-assembly functions with no additional prologs/epilogs).
• Low-level goodies: a Hello World in C without using any headers / library functions, a process that frees almost all the memory it owns, and embedding GDB in assembly source code.
• Do not do this at work kids - OOP in .bat and OpenGL in .bat.

Subscribe to me on YouTube W wolnym czasie prowadzę videocasty na żywo o programowaniu, reverse engineeringu oraz hackingu/security: