A post IGK'09 conference post

By Gynvael Coldwind | Thu, 26 Apr 2012 00:07:49 +0200 | @domain: gynvael.coldwind.pl
IGK is an annual game development conference in Poland and quite a fun one at that (not that I've been at many gamedev conferences). This year it started 29 of March and ended 1 of April in the evenin...

The fglrx bug mystery solved

By sil2100 | Fri, 20 Apr 2012 14:25:00 GMT | @domain: sil2100.vexillium.org
In my yesterday's post, I over-viewed the situation of a fglrx-related bug in compiz that I have been working on recently. Today, after consultation with the developers from ATI and a joint bug-search with Sam Spilsbury, we were finally able to find the root cause of the issue - resulting in a one liner fix for a bug in compiz. So why did this bug only happen for fglrx? Easy. Due to implementation differences in the drivers.

Hunting for a fglrx bug - X programming

By sil2100 | Thu, 19 Apr 2012 19:17:00 GMT | @domain: sil2100.vexillium.org
I wanted to share a short story about an irritating bug I have been trying to fix in Ubuntu's compiz, related to the ATI Radeon proprietary closed driver fglrx. I had many context switches during the process, so it took longer than I suspected. This post might shed some light on a strangely specific problem that I encountered.

HITB Magazine #8

By Gynvael Coldwind | Thu, 12 Apr 2012 00:07:47 +0200 | @domain: gynvael.coldwind.pl
Just in case you missed it HITB Magazine #8 is out! http://magazine.hitb.org/ PDF Download link is on the right (~2MB) and in addition you can order a printed copy on the bottom of the page. I'...

Hack in the Box Magazine #8 available now

By j00ru | Wed, 11 Apr 2012 22:07:23 +0000 | @domain: j00ru.vexillium.org
Every one or two quarters, there’s the one day we all wait for – and that’s when the latest issue of the Hack in the Box Magazine is released. Thanks to the hard and awesome work of Zarul Shahrin and the entire editorial crew, we are very excited to announce that the eighth edition is [...]

CPC464 1-to-2 joystick port splitter

By Gynvael Coldwind | Sun, 18 Mar 2012 00:07:44 +0100 | @domain: gynvael.coldwind.pl
Some time ago I've learned that you could connect two joysticks to the one-joystick-port CPC464 (you know, the old 8-bit computer I've already mentioned in few posts). So, I decided to practice my ele...

Deb-triggers and Plymouth - notes

By sil2100 | Fri, 16 Mar 2012 09:38:00 GMT | @domain: sil2100.vexillium.org
Today just a short post, glued together from a few small things that I found useful - more specifically, regarding deb-triggers and some old Plymouth bits. Anyway, geh, it's so busy lately...

(Haiku Blog-O-Sphere) Bits and Pieces: The Small BCardLayout

By sil2100 | Sat, 21 Jan 2012 21:19:00 GMT | @domain: sil2100.vexillium.org
A short post about something that's not really documented. When working on a communication application for Haiku, I needed to create a typical configuration wizard window. I required a few views to be present in one spot, with only one being shown at the same time - with the ability to switch between them on user Next/Prev button press. Since Haiku exports a neat layout API, I wanted to use one of those if only possible. And then I found the BCardLayout. Come visit my Haiku Blog-O-Sphere page and read my new blog-entry - Bits and Pieces: The Small BCardLayout.

A Bug Hunter’s Diary review

By j00ru | Tue, 17 Jan 2012 18:57:59 +0000 | @domain: j00ru.vexillium.org
Title: A Bug Hunter’s Diary. A Guided Tour Through the Wilds of Software Security. Author: Tobias Klein ISBN: 978-1-59327-385-9 Published: November 2011 Websites: http://nostarch.com/bughunter.htm, http://www.trapkit.de/books/bhd/en.html In the modern times of noisy news headlines like “A Security Researchers Unveils a Critical Vulnerability in Product X”, little is publicly said about the overall bug hunting process, in lieu of discussions regarding [...]

Plymouth bits

By sil2100 | Thu, 29 Dec 2011 16:27:00 GMT | @domain: sil2100.vexillium.org
Quite recently I had the need and 'pleasure' of playing around with the Plymouth bootsplash. For those that don't know, Plymouth is an application which runs very early during the boot process and displays either textual or graphical boot animation, hiding the actual boot process in the background. There isn't much documentation available on the configuration and installation process - usually this is done by system distributors, not users themselves. As noted on the homepage, Plymouth isn't really designed to be built from source by end users. You can find some basic howto's around the internet, but today I would like to concentrate on the few bits that are harder to find.

FYI: Printable “Windows Kernel Address Protection” paper out

By j00ru | Sun, 04 Dec 2011 12:02:49 +0000 | @domain: j00ru.vexillium.org
That’s just a short notification that I decided to release the Windows Security Hardening Through Kernel Address Protection article published in Hack in the Box Magazine #7 over a month ago (see HITB #7 on the wild, at last). The paper is now available in a nicely formatted, printer-friendly format. If you missed it then, [...]

Magus Ex Machina – a product of a 48h codejam

By j00ru | Sun, 20 Nov 2011 16:42:08 +0000 | @domain: j00ru.vexillium.org
[Note: Collaborative post by Gynvael Coldwind and Mateusz "j00ru" Jurczyk] Five weeks ago, we have taken part in a fancy game-development competition aka Google GameJam 48h. As the name implies, the contest lasted for precisely two days; unfortunately, we were proven to lack supernatural powers and had to spend some of the precious time sleeping [...]

Magus Ex Machina – a product of a 48h codejam

By Gynvael Coldwind | Sun, 20 Nov 2011 00:07:16 +0100 | @domain: gynvael.coldwind.pl
[Note: Collaborative post by Gynvael Coldwind and Mateusz "j00ru" Jurczyk] Five weeks ago, we have taken part in a fancy game-development competition aka Google GameJam 48h. As the name implies, the c...

Refreshed Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8) released

By j00ru | Fri, 18 Nov 2011 12:04:13 +0000 | @domain: j00ru.vexillium.org
Long time no see, huh? TL;DR: I created and released a complete Windows NT-family syscall table. See the bottom of the post for a link. For the last couple of years, the Metasploit project (gritz skape!) has been hosting a table of the core Windows kernel services, also known as system calls (originally available at [...]

The Tangled Web - lcamtuf strikes back

By Gynvael Coldwind | Wed, 16 Nov 2011 00:07:15 +0100 | @domain: gynvael.coldwind.pl
Michal Zalewski's (who is better known as lcamtuf) new book went public a couple of hours ago. Since I was one of the lucky ones to get to see the book before it was published, I decided to write a sh...

Maliit Input Method

By sil2100 | Wed, 02 Nov 2011 20:59:00 GMT | @domain: sil2100.vexillium.org
Recently, I did some experimenting with the available OSKs (on-screen keyboards) around, ultimately focusing my attention on Maliit. Maliit is an OSK project mainly known for its use on the MeeGo mobile platform - but in reality it can also be used as an input method for both Qt and GTK+ standard applications on any Linux-based operating system. Since the project is being actively developed and changes are made quite rapidly, a bit of work was needed to make it work for all possible IM cases. Nothing too complicated though. Let me help you dive into the world of Maliit. Big thanks to all Maliit developers for their swift and professional help!

32 colors

By Gynvael Coldwind | Tue, 01 Nov 2011 00:07:10 +0100 | @domain: gynvael.coldwind.pl
Recently I've stumbled on a review of a 1993 Amiga RPG game called Perihelion. I've never played this game (which I've heard is pretty good btw), but after looking at the screenshots I was amazed by w...

Hack in the Box Magazine #7 on the wild, at last.

By j00ru | Wed, 19 Oct 2011 14:30:46 +0000 | @domain: j00ru.vexillium.org
Hello, It gives me a great pleasure to announce that after several months past the last release (see The HITB Magazine #6 now available!), the awesome crew (as always, special kudos to Zarul Shahrin) has managed to put up the 7th edition of Hack in the Box Magazine! Without much ado, I will just say [...]

The overdue NetSock release

By Gynvael Coldwind | Thu, 13 Oct 2011 00:07:06 +0200 | @domain: gynvael.coldwind.pl
NetSock is a simple socket/networking lib/wrapper for C++ I've written back in 2007 (or 2006, actually not sure) and update from time to time. Even though I've been using it in random projects I'm relea...

Basic kernel debugging

By sil2100 | Mon, 10 Oct 2011 20:46:00 GMT | @domain: sil2100.vexillium.org
A modified kernel, a custom system - this can lead to the kernel not being able to boot properly. What to do in such case? Usually we can try getting as much information as possible to locate the underlying problem. We can use some quite basic techniques to achieve our goal.

PiXiEServ out for public

By j00ru | Sat, 08 Oct 2011 12:55:48 +0000 | @domain: j00ru.vexillium.org
A few years back, we’ve been (i.e. j00ru and Gynvael) working on a bootkit-related project (some Polish SecDay’09 presentation slides can be found here: Bootkit vs Windows.pdf). One of its basic requirements was the ability to load custom boot-“sectors” from an external host in the local network. Since the publicly available solutions required too much [...]

PiXiEServ - a simple PXE server for home OS dev and research

By Gynvael Coldwind | Sat, 08 Oct 2011 00:07:03 +0200 | @domain: gynvael.coldwind.pl
A few years back, we've been (i.e. j00ru and Gynvael) working on a bootkit-related project (some Polish SecDay'09 presentation slides can be found here: Bootkit vs Windows.pdf). One of its basic requi...

Windows 8 Syscall Interface and Export Table diffing fun

By j00ru | Wed, 21 Sep 2011 16:42:31 +0000 | @domain: j00ru.vexillium.org
Due to my forthcoming move to Switzerland, I haven’t had much time to post anything new here for quite some time. Hopefully, this will change soon after I am set up in my new location. In the meanwhile, I would like to share several tables presenting the differences in the export table symbols and native [...]

String-to-Integer vs Unicode additional digit groups table

By Gynvael Coldwind | Sat, 17 Sep 2011 00:06:59 +0200 | @domain: gynvael.coldwind.pl
The interesting difference between ASCII and Unicode is that the first had only one group of digits defined (30h to 39h), and the latter defines 42 decimal digit groups (I think it actually defines mo...

LFI with phpinfo() assistance - a paper by Brett Moore

By Gynvael Coldwind | Fri, 09 Sep 2011 00:06:58 +0200 | @domain: gynvael.coldwind.pl
In March I've published some research related to Just another PHP LFI exploitation method that used the fact that the PHP engine stores (on disk) uploaded files (rfc1867) for a short period of time, e...
