msm (@msmcode)'s Twitter Profile
msm

@msmcode

Malware analyst. Cofounder of @p4_team. No independent thought: ALL opinions belong to my employers, cats, and friends. [email protected] msm0.bsky.social

ID: 701913343896977408

Website: https://tailcall.net | Joined: 22-02-2016 23:35:56

134 Tweets

1.1K Followers

66 Following

p4 (@p4_team):

Together with Dragon Sector we've donated our winnings from Russian CTFs to humanitarian aid towards 🇺🇦#Ukraine! $3,000 from each team which we'll match from our #PolandCanIntoSpace winnings. $12,000 in total for Polska Akcja Humanitarna (PAH). #NoToWar 🇺🇦🇵🇱 #CTFforUA siepomaga.pl/ctfforua

msm (@msmcode):

Fell in love with typed-config github.com/bwindsor/typed…. It's a tiny Python library for reading config from ini files/environment/anywhere, used by mwdb (and maybe mquery soon). Typed, extensible, dependency free. How does it only have 14 stars on GH?!

Nazywam (@nazywam):

Some of msm and my research on the #phobos ransomware family. Using CUDA to crack stuff was a lot more interesting than expected!

msm (@msmcode):

Finally, Phobos decryptor PoC published 🙃. I worked on it with Nazywam when I was at CertPl. It can decrypt most Phobos samples from the last 2 years, if you know the exact time decryption started (and PID). Very hard to use in practice but interesting PoC nonetheless.

p4 (@p4_team):

Today Poland Can Into Space placed fourth on Hack-A-Sat qualifier and we're going to Vegas! This year's finals will include hacking the Moonlighter platform on orbit! Can 🇵🇱🥫🚀 conquer real 🛰️? We'll find out during DEFCON 31.

CERT Polska (@cert_polska_en):

Better documentation, YARA scanning limitation, easier scaling, better user roles. Those are only some of the changes introduced in mquery 1.4! Full list of changes is available on ⬇️ github.com/CERT-Polska/mq…

msm (@msmcode):

What's the first step of dynamically unpacking obfuscated .NET malware? Writing your own debugger, of course. A story of unpacking the recent .NET stealer campaign: cert.pl/en/posts/2023/…. (Going to start posting more writeups soon, stay tuned)

msm (@msmcode):

Finished my #flareon10 today! Fun fact: I used #Ghidra exclusively (no Ida) to solve almost all challenges (two exceptions: Android and PDP-11 Forth). It works great.

msm (@msmcode):

I wrote a detailed writeup about #XWorm #Malware reverse-engineering. The stealer itself is nothing fancy, but check it out if you're interested in dissecting malware step by step. And if not, hey I share some code and IoCs too. cert.pl/en/posts/2023/…

Virus Bulletin (@virusbtn):

CERT Poland's Jarosław Jedynak has posted a detailed and technical description of the XWorm analysis process, including the unpacking. XWorm is a multi-purpose malware family, commonly used as a RAT. cert.pl/en/posts/2023/…

msm (@msmcode):

I had the pleasure to conduct a 1.5 day #workshop about Threat Intel Pipelines and CTI to a room full of security experts during the #ITU Interregional #Cyberdrill for Europe and Asia-Pacific. I hope everyone had fun and maybe see you at the next Cyberdrill.

msm (@msmcode):

Slides (PL) from my yesterday's presentation at Oh My Hack #ohmyhack are here: tailcall.net/static/talks/o…. I've talked a bit about my recent research about stealers in a - hopefully - approachable way.

Gynvael Coldwind (@gynvael.bsky.social) (@gynvael):

[PL, translated] Besides Paged Out!, today we also released an interview with Poland Can Into Space, i.e. (p4 + Dragon Sector + friends), about HACK-A-SAT 4: ↓↓↓ youtube.com/watch?v=9Gl8ZZ… ↑↑↑

CERT Polska (@cert_polska):

🚨 [translated from Polish] Beware of fake ads on the big online platforms! Scammers are still successfully bypassing the verification mechanisms, and the platforms are struggling to stop them. What kinds of scams are there, and why do these mechanisms fail? 🤔 🔍➡️ cert.pl/posts/2024/11/…

msm (@msmcode):

Hi #Ghidra users. I've created a quick search/command palette/launcher plugin called "Ctrl+P". You can search for functions, labels, data, bookmarks, focus windows, launch scripts and trigger available actions. github.com/msm-code/Ghidr… #reversing #reverseengineering #infosec

msm (@msmcode):

🚀Excited to announce ghidralib - a library that makes #Ghidra scripts drastically shorter and easier to write. I've been using it daily for #reverseengineering and decided it’s time to share! Check it out: github.com/msm-code/ghidr… And the docs: msm-code.github.io/ghidralib/ #infosec

msm (@msmcode):

RULECOMPILE - Undocumented Ghidra decompiler rule language. A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) - an obscure, undocumented DSL msm.lt/re/ghidra/rule… #reverseengineering #ghidra

msm (@msmcode):

Ghidralib development continues: py3 support, binary/asm patching, and symbolic propagation: github.com/msm-code/ghidr…. I also write docs for people who want to try it. Newest chapter: emulation msm-code.github.io/ghidralib/emul… #ghidra #reverseengineering

Itay Cohen 🌱 (@megabeets_):

I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics. After a year of research, here’s what we found and how we did it. 👇 research.checkpoint.com/2025/modern-ap… 1/

msm (@msmcode):

My new post about #malware #deobfuscation - cert.pl/en/posts/2025/…. I focus on the simple - but powerful - technique of local substitutions. Uses #ghidra and ghidralib. Thx Nazywam for review.
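As an added illustration of the "local substitutions" idea the post above refers to (a toy example written for this page, not code from the cert.pl post, from ghidralib, or from Ghidra; the three-address IR, the `Instr` class, the `decrypt` callee name and the sample block are all constructed assumptions), here is the technique in its simplest form: walk one basic block, remember which variables currently hold a known constant, substitute those constants into later operands, and fold operations whose inputs are all known. The edge cases a practitioner cares about are handled explicitly: a load from memory, a call result, or an operation with an unknown input invalidates the destination variable instead of keeping a stale value.

```python
"""Toy local-substitution (constant/copy propagation) pass over a linear IR.
Constructed example for illustration; not ghidralib or Ghidra code."""
from dataclasses import dataclass
from typing import Optional

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Instr:
    op: str              # mov | add | sub | xor | load | call
    dst: Optional[str]   # variable written, None for a call whose result is unused
    args: tuple          # int = immediate, str = variable; for call, args[0] is the callee


def _known(env, operand):
    """Constant value of an operand at this point in the block, or None."""
    return operand if isinstance(operand, int) else env.get(operand)


def _fold(op, x, y):
    """Evaluate a binary ALU op on two known 32-bit constants."""
    if op == "add":
        return (x + y) & MASK32
    if op == "sub":
        return (x - y) & MASK32
    if op == "xor":
        return (x ^ y) & MASK32
    raise ValueError(op)


def local_substitute(block):
    """Return a new block with known constants substituted and folded.
    Substitution is local: the environment starts empty at block entry."""
    env = {}   # variable -> constant known at the current instruction
    out = []
    for ins in block:
        # Replace every operand whose value is known; callee names are never substituted.
        head = ins.args[:1] if ins.op == "call" else ()
        tail = ins.args[1:] if ins.op == "call" else ins.args
        subst = head + tuple(
            _known(env, a) if _known(env, a) is not None else a for a in tail)

        if ins.op == "mov":
            value = _known(env, ins.args[0])
            if value is None:
                env.pop(ins.dst, None)        # copying an unknown: forget dst
            else:
                env[ins.dst] = value
            out.append(Instr("mov", ins.dst, subst))
        elif ins.op in ("add", "sub", "xor"):
            x, y = subst
            if isinstance(x, int) and isinstance(y, int):
                env[ins.dst] = _fold(ins.op, x, y)   # fully known: fold to a mov
                out.append(Instr("mov", ins.dst, (env[ins.dst],)))
            else:
                env.pop(ins.dst, None)               # depends on an unknown input
                out.append(Instr(ins.op, ins.dst, subst))
        elif ins.op == "load":
            env.pop(ins.dst, None)                   # memory contents are not tracked
            out.append(Instr("load", ins.dst, subst))
        elif ins.op == "call":
            if ins.dst is not None:
                env.pop(ins.dst, None)               # return value is unknown
            out.append(Instr("call", ins.dst, subst))
        else:
            raise ValueError(ins.op)
    return out


def render(block):
    """Pretty-print a block, one line per instruction."""
    def fmt(a):
        return hex(a) if isinstance(a, int) else a
    lines = []
    for ins in block:
        if ins.op == "call":
            callee, *ops = ins.args
            text = f"{callee}({', '.join(map(fmt, ops))})"
            lines.append(f"{ins.dst} = {text}" if ins.dst else text)
        elif ins.op == "load":
            lines.append(f"{ins.dst} = [{fmt(ins.args[0])}]")
        else:
            lines.append(f"{ins.dst} = {ins.op} {', '.join(map(fmt, ins.args))}")
    return lines


# Constructed sample: an obfuscated block that hides the argument to decrypt().
OBFUSCATED = [
    Instr("mov", "r1", (0x41,)),
    Instr("mov", "r2", ("r1",)),
    Instr("xor", "r2", ("r2", 0x2A)),
    Instr("add", "r3", ("r2", 0x10)),
    Instr("load", "r4", ("r3",)),
    Instr("call", "r5", ("decrypt", "r3", "r4", 0x2A)),
    Instr("add", "r6", ("r5", 1)),
]

if __name__ == "__main__":
    for line in render(local_substitute(OBFUSCATED)):
        print(line)
```

After the pass, the call reads `r5 = decrypt(0x7b, r4, 0x2a)`: the first argument has been resolved through two copies and two ALU ops, while `r4` stays symbolic because it came from memory and `r6` stays an `add` because it depends on the call's return value. Real decompiler IRs add aliasing, flags and cross-block flow on top of this, but the bookkeeping rule (substitute what is known, invalidate what is not) is the same.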