I’m an IT Security expert with the specialization in web security and NFC solutions. I also do some backend development and DevOps/system administration.
Projects
NFC security
- nfc-developer / sdm-backend - Example backend server for Secure Dynamic Messaging (SDM)
- icedevml / avr-nfc-bootloader - NFC bootloader for ATmega microprocessors, implemented for MFRC522 NFC frontend, program can be flashed from Android application
Malware analysis tools
- CERT-Polska / DRAKVUF Sandbox - The first open-source hypervisor level malware sandbox for x86/x64 architecture (based on DRAKVUF by Tamas K Lengyel, LibVMI and Xen project)
- CERT-Polska / mquery - Blazingly fast Yara queries for malware analysts
Conferences and other public appearances
- [PL] Interview: Rozmowa Kontrolowana - Odcinek 66 - Michał Leszczyński
- [PL] Oh My H@ck 2020 - Miałem WordPressa, ale mi zhakowali
- [EN] The Standoff 365 (2020) - A few stories about virtual machine introspection and malware monitoring (with Adam Kliś)
- [EN] Virus Bulletin 2020 - A new open-source hypervisor-level malware monitoring and extraction system (with Krzysztof Stopczański)
- [PL] What The Hack 2019 - Parę sztuczek z Portable Executable, czyli ciekawe rzeczy które można zrobić w Windowsie (with Paweł Srokosz)
- [PL] PWNing 2019 / SECURE 2019 - Monitorowanie i rozpakowywanie złośliwego oprogramowania na poziomie hypervisora (with Krzysztof Stopczański)
- [PL] What The Hack 2018 - Hardware RE: hakujemy firmware zamka hotelowego i piszemy lepszy (with Jarosław Jedynak and Marek Klimowicz)
- [PL] PWNing 2018 - Hardware RE: hakujemy firmware zamka hotelowego i piszemy lepszy (with Jarosław Jedynak and Marek Klimowicz)
- [PL] SECURE 2018 - Jak zorganizować CTF i przetrwać, czyli organizacja konkursów dla hakerów z perspektywy admina
- [PL] Secure 2018 Early Bird - Meltdown i Spectre - co tam się stało?
Publications (PL)
- Meltdown and Spectre explained: Processor hacking (with Jarosław Jedynak and Michał Purzyński)
- Analysis of Przelewy24 mobile payment library from the security point of view
- Practical cryptography: Hashing, digital signatures and key derivation (with Jarosław Jedynak)
- Implementing web authentication using asymmetric cryptography (with Jarosław Jedynak)
- Algochecker project - a scalable Docker-based platform for automated testing of programs (with Dmytro Ievseienko, Paweł Paczuski, Przemysław Miazga)
- In response to XSS attacks - Content-Security-Policy mechanism
- SSL client certificates - how to deal with that?
- Hacker versus programmer, the thing about security of PHP web applications
Past projects
- Apartament4you - backend development and security audit; taking care of proper synchronization with external systems (like Booking.com)
- Algochecker - the Docker-based online judge platform developed at the WUT’s Faculty of Electronics and Information Technology (WEiTI PW); currently used for organization of teaching (and sometimes for some competitions); source code available on GitHub