Over the years, I've shared my findings through publications like How Secure Are Your Application Secrets? Lessons from Years of Real-World Penetration Tests, Memory Heist: The Secrets and Risks of Cold Boot Attacks, and Why you shouldn't (again) roll your own cryptography - real-life case in 2024. These works dive deep into topics from SPI sniffing and TPM traffic analysis to the challenges of behavioral biometrics and the silent threat of ReDoS.
I also love engaging with the community by presenting at major events—whether it's revealing TPM (in)security at Sekurak Academy 2024, showcasing FPGA hash cracking at the Mega Sekurak Hacking Party 2024, or live-demonstrating cold boot attacks. These conferences keep me on the cutting edge and fuel my drive to innovate.
One of my proud projects, IRSentry, is a symbolic execution engine designed to uncover security vulnerabilities, embodying my commitment to blending research with hands-on hacking.
Thanks for stopping by—explore, learn, and let's push the boundaries of what's possible in security together!
- How Secure Are Your Application Secrets? Lessons from Years of Real-World Penetration Tests
- From SPI Sniffing to Keys: Extracting Clevis/BitLocker Secrets from TPM Traffic
- Memory Heist: The Secrets and Risks of Cold Boot Attacks
- How NOT to store data in a desktop application?
- Why you shouldn't (again) roll your own cryptography - real-life case in 2024.
- Exploring DaaS Security - part 2: Other available applications on the machine (3rd party)
- Exploring DaaS Security: A Comprehensive Guide Based on Vulnerabilities Uncovered in Real Pentests - part 1
- Idea behind Khazad-dum - a TPM2 secret manager!
- Why you shouldn't roll your own cryptography - real-life case in 2023
- Beyond fingerprints: Discussing the challenges of behavioral biometrics security
- The Silent Threat of ReDoS: 2023 Real-Life Pentest Case
- Sekurak Academy 2024 - Secrets of TPM (in)security
- BSides Warsaw 2024 - HashSlayer - State-of-the-art of cracking hashes on FPGA
- Mega Sekurak Hacking Party 2024 - HashSlayer - State-of-the-art of cracking hashes on FPGA
- Sekurak Academy 2024 - Cold Boot Attack Live. How to decrypt a laptop by freezing the memory?
- Sekurak Academy 2023 - Can you hack everything with Python?
- Mega Sekurak Hacking Party 2023 - CRYptography by Iwona Polak and Mateusz Lewczak
