Malware analyst. Cofounder of @p4_team. No independent thought: ALL opinions belong to my employers, cats, and friends. msm@infosec.exchange msm0.bsky.social

Joined February 2016
Apr 18
Finally, some easy to use software for local CA/PKI management🙏.
Now live: a GUI for Step CA that lets you visualize all issued certificates; it also lets you create "invitations" to easily onboard (even non-technical) people onto your private CA through a friendly web-based flow. GitHub icedevml/tinypki: github.com/icedevml/tinypki
msm retweeted
We have just published a new blog article on the topic of ClickFix/fake CAPTCHA campaigns. Step-by-step overview of the infection, malware analysis, IoCs and YARA rules to help secure your own infrastructure. 🔗 cert.pl/en/posts/2026/02/fak…
msm retweeted
Logging in to #KSeF from Python using a PKCS#11-compatible key, e.g. a qualified signature/seal in the form of a smart card, a USB token or an HSM. It also allows hosting the keys of certificates issued by KSeF in an HSM, or as a PEM-format key on disk. github.com/icedevml/pyksef
msm retweeted
🔍 Have you tried monitoring certificate transparency logs lately and found existing tools or libraries disappointing? ✅ Fear not! We're releasing a better one, with tiled format support, async operations, state persistence and an easy-to-use API. 🔗 github.com/CERT-Polska/ct-mo…
24 Apr 2025
My new post about #malware #deobfuscation - cert.pl/en/posts/2025/04/pee…. I focus on the simple - but powerful - technique of local substitutions. Uses #ghidra and ghidralib. Thx @nazywam for review.
msm retweeted
I analyzed thousands of messages from 35 suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics. After a year of research, here’s what we found and how we did it. 👇 research.checkpoint.com/2025… 1/
6 Jan 2025
Ghidralib development continues: py3 support, binary/asm patching, and symbolic propagation: github.com/msm-code/ghidrali…. I also write docs for people who want to try it. Newest chapter: emulation msm-code.github.io/ghidralib… #ghidra #reverseengineering
30 Dec 2024
RULECOMPILE - Undocumented Ghidra decompiler rule language. A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) an obscure, undocumented DSL msm.lt/re/ghidra/rulecompile… #reverseengineering #ghidra
23 Dec 2024
🚀Excited to announce ghidralib - a library that makes #Ghidra scripts drastically shorter and easier to write. I've been using it daily for #reverseengineering and decided it’s time to share! Check it out: github.com/msm-code/ghidrali… And the docs: msm-code.github.io/ghidralib… #infosec
11 Dec 2024
Hi #Ghidra users. I've created a quick search/command palette/launcher plugin called "Ctrl P". You can search for functions, labels, data, bookmarks, focus windows, launch scripts and trigger available actions. github.com/msm-code/GhidraCt… #reversing #reverseengineering #infosec
msm retweeted
🚨 Beware of fake advertisements on large online platforms! Scammers are still successfully bypassing verification mechanisms, and the platforms are struggling to stop them. What kinds of scams are there, and why do these mechanisms fail? 🤔 🔍➡️ cert.pl/posts/2024/11/Oszust…
msm retweeted
[PL] Besides Paged Out!, today we also released an interview with 𝗣𝗼𝗹𝗮𝗻𝗱 𝗖𝗮𝗻 𝗜𝗻𝘁𝗼 𝗦𝗽𝗮𝗰𝗲, i.e. (@p4_team @DragonSectorCTF friends) about HACK-A-SAT 4: ↓↓↓ youtube.com/watch?v=9Gl8ZZDb… ↑↑↑
6 Dec 2023
Slides (PL) from my presentation yesterday at @OMHconf #ohmyhack are here: tailcall.net/static/talks/om…. I talked a bit about my recent research on stealers in a, hopefully, approachable way.
30 Nov 2023
I had the pleasure to conduct a 1.5 day #workshop about Threat Intel Pipelines and CTI to a room full of security experts during the #ITU Interregional #Cyberdrill for Europe and Asia-Pacific. I hope everyone had fun and maybe see you at the next Cyberdrill.
msm retweeted
CERT Poland's Jarosław Jedynak has posted a detailed and technical description of the XWorm analysis process, including the unpacking. XWorm is a multi-purpose malware family, commonly used as a RAT. cert.pl/en/posts/2023/10/dew…
24 Oct 2023
I wrote a detailed writeup about #XWorm #Malware reverse-engineering. The stealer itself is nothing fancy, but check it out if you're interested in dissecting malware step by step. And if not, hey I share some code and IoCs too. cert.pl/en/posts/2023/10/dew…
21 Oct 2023
Finished my #flareon10 today! Fun fact: I used #Ghidra exclusively (no IDA) to solve almost all challenges (two exceptions: Android and PDP-11 Forth). It works great.
18 Sep 2023
What's the first step of dynamically unpacking obfuscated .NET malware? Writing your own debugger, of course. A story of unpacking the recent .NET stealer campaign: cert.pl/en/posts/2023/09/unp…. (Going to start posting more writeups soon, stay tuned)
msm retweeted
Better documentation, YARA scanning limitation, easier scaling, better user roles. Those are only some of the changes introduced in mquery 1.4! Full list of changes is available on ⬇️ github.com/CERT-Polska/mquer…