programming & hardware & security 🦆 Pretending I know what I'm doing at @stm_cyber. Playing CTFs for @p4_team.
Joined May 2012
- Tweets 217
- Following 529
- Followers 445
- Likes 916
39 Photos and videos
Bonus retweeted
Apr 18
Now live: a GUI for Step CA that allows to visualize all issued certificates; it also allows to create "invitations" to easily onboard (even non-technical) people onto your private CA through a friendly web-based flow.
GitHub icedevml/tinypki:
github.com/icedevml/tinypki
6
37
4,279
Bonus retweeted
Jan 30
‼️At the end of last year, there was a series of coordinated attacks in Polish cyberspace.
📌Today, our team is publishing a report describing the technical analysis of these events. We show the scheme of operation and the tools used by the attackers.
➡️cert.pl/uploads/docs/CERT_Po…
12
148
302
74,950
11 Jul 2025
I normally only lurk on twitter, but @0x_shaq is cooking with the mems so I had to join.
1
4
50
3,076
Bonus retweeted
6 Jun 2025
Gamers express concern over anti-cheats and assert them to be spyware running as "root" on Windows.
Malware doesn't need to be ran at an elevated privilege (especially "root") to achieve it's objective of exfiltrating sensitive information or "spying" on you by watching what you're doing.
All of this can be achieved easily from user mode and can (usually) work even in restricted environments.
tl;dr these large game publishers don't need an anti-cheat to spy on you. They can do it easily from user mode.
48
75
1,021
76,298
24 May 2025
Did you ever hear the tragedy of the 4-layer PCB design? I thought not. It's not a story the senior engineers would tell you. It's a @JLCPCB legend.
5
318
RULECOMPILE - Undocumented Ghidra decompiler rule language. A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) - an obscure, undocumented DSL
msm.lt/re/ghidra/rulecompile…
#reverseengineering #ghidra
ALT A image that shows a piece of code. On top there is an expression (param_1 & 1) * 2 (param_1 ^ 1). On the bottom is a deobfuscated version, param_1 1. In the middle there is a custom Ghidra DSL, explained in the post.
2
12
38
2,104
Bonus retweeted
24 Sep 2024
"Memory safety is a very small part of security."
-- C Committee submission to DOE laying out the language's memory safety strategy.
It's not a long document. Give it a read.
downloads.regulations.gov/ON…
29
56
407
52,760
14 Jun 2024
>decide to write backend using modern libraries
>instant regret
1
2
246
6 Feb 2024
Lesson learned. Yes, it's cool to help open source hardware projects. But waiting 1.5 years with no end in sight is just unacceptable. Wish I could cancel my orders and order one-off from JLC on my own. Hope this saves time for those who would consider buying from crowdsupply.
4
515
15 Jan 2024
I did a thing :)
15 Jan 2024
We are releasing the first wave of vulnerabilities targeting @paxtechnology PAX Android POS terminals.
The list includes pre-auth RCE on the root account by exploiting a hidden bootloader functionality via USB.
You can expect more POS CVEs soon™ :)
blog.stmcyber.com/pax-pos-cv…
1
10
1,050
14 Jan 2024
Looking for leaked source code of a proprietary firmware be like:
2
312
13 Jan 2024
tfw vendor doesn't even bother making up a fancy name for it:
$ strings flash.bin | grep 'Back door'
Back door key check: Invalid checksum.
Back door key check: Invalid magic number.
Back door key check: Invalid file name.
Back door key check: success.
3
22
4,034
Bonus retweeted
26 Dec 2023
Tomorrow (27.12) 23:00 CET, don't miss it! :)
4
35
294
49,050
Bonus retweeted
18 Dec 2023
[PL] Oprócz Paged Out!, wypuściliśmy dzisiaj też wywiad z 𝗣𝗼𝗹𝗮𝗻𝗱 𝗖𝗮𝗻 𝗜𝗻𝘁𝗼 𝗦𝗽𝗮𝗰𝗲, tj. (@p4_team @DragonSectorCTF przyjaciele) o HACK-A-SAT 4:
↓↓↓
youtube.com/watch?v=9Gl8ZZDb…
↑↑↑
3
16
62
15,768
18 Oct 2023
We managed to win yet another space-related CTF, this time organized by @esaoperations. We managed to join forces with 2 great hackers from @HPI_DE, to form a 🇵🇱🇩🇪 team.
🛰️ 🔫 🦆
18 Oct 2023
It's 2075 and a cyber attack has cut off all communication with the Mars Research Station😲
Yesterday, eight teams from across Europe came to ESA's #MissionControl in Darmstadt, Germany, to take charge and protect the station🔴🛡️.
Their mission was to take control of small (and pretty cute) rovers to navigate through a maze and repair malfunctioning systems while protecting their rovers from cyber attacks (coming from the other teams😏🤖).
The #PwnTheRover contest offers real-world #cybersecurity scenarios, putting contestants' abilities to the test and inspiring young generations.
🏆 Stay tuned for the grand reveal of the winning teams!
🤝In collaboration with @FraunhoferSIT and @ATHENECenter✨
4
8
651