Windows CSRSS Write Up: Inter-process Communication (part 2/3)

By j00ru | Tue, 27 Jul 2010 21:41:30 +0000 | @domain: j00ru.vexillium.org
A quick beginning note: My friend d0c_s4vage has created a technical blog and posted his first text just a few days ago. The post entry covers a recent, critical libpng vulnerability discovered by this guy; the interesting thing is that, among others, the latest Firefox and Chrome versions were vulnerable. Feel free to take a [...]

CONFidence 2010 - video from our lecture about the Windows vulnerabilities

By Gynvael Coldwind | Wed, 21 Jul 2010 00:05:36 +0200 | @domain: gynvael.coldwind.pl
The videos from some CONFidence 2010 lectures have been published. Inter alia, the video from my and j00ru's lecture "Case study of recent Windows vulnerabilities" is available. The video is in a down...

Blog customization, old PHP advisories

By j00ru | Tue, 20 Jul 2010 00:09:11 +0000 | @domain: j00ru.vexillium.org
Hey there! Today, I would like to post a less-technical text, discussing two issues I have recently come across, or been busy with; don't worry though, as CSRSS Write-Up: IPC (part 2/3) is on the way. The first matter is about recent changes applied to the blog appearance and functionality, while the latter regards the [...]

Just some old PHP research

By Gynvael Coldwind | Tue, 20 Jul 2010 00:05:33 +0200 | @domain: gynvael.coldwind.pl
Yesterday in the night we've published (on j00ru's blog) some old, low severity, PHP advisories (well, they are more research papers than actual advisories). Basically we've done the research to test ...

HiperDrop 0.0.1

By Gynvael Coldwind | Mon, 19 Jul 2010 00:05:27 +0200 | @domain: gynvael.coldwind.pl
Looking through my directories I've found some tools that I've kept hidden in my desk, unpublished for some strange reasons. I'm thinking about finalizing the basic functionality of these, and finally...

Hispasec, time to move on...

By Gynvael Coldwind | Sun, 18 Jul 2010 00:05:26 +0200 | @domain: gynvael.coldwind.pl
The evening of 12 December 2006 I've written on my OpenRCE blog a post, in which I've explained that I'm looking for a job as a reverse engineer / programmer. After a few hours I've got an e-mail from...

Windows CSRSS Write Up: Inter-process Communication (part 1/3)

By j00ru | Tue, 13 Jul 2010 16:19:56 +0000 | @domain: j00ru.vexillium.org
In the second post of the Windows CSRSS Write Up series, I would like to explain how the practical communication between the Windows Subsystem and user's process takes place under the hood. Due to the fact that some major improvements have been introduced in Windows Vista and later, the entire article is split into two [...]

RECON - slideshow

By Gynvael Coldwind | Fri, 09 Jul 2010 00:05:25 +0200 | @domain: gynvael.coldwind.pl
A very short post - the slides from our presentation from RECON 2010 about the Syndicate Wars Port: recon_swars.pdf (1MB) I'll write more later ;)...

Windows CSRSS Write Up: the basics (part 1/1)

By j00ru | Thu, 08 Jul 2010 20:38:14 +0000 | @domain: j00ru.vexillium.org
NOTE: The following post entry opens a series of CSRSS-oriented articles, aiming at describing the uncovered CSRSS mechanism internals, present in the Windows OS for more than fifteen years now. Although some great research has already been carried out by a few curious guys (check out the references), no thorough case study is available until [...]

Attacking the Host via Remote Kernel Debugger (Virtual Machines)

By j00ru | Sat, 03 Jul 2010 16:28:00 +0000 | @domain: j00ru.vexillium.org
NOTE: This post is highly related to the research performed by Alex Ionescu. He is going to present the results of his work on the RECON2010 conference, during his Debugger-based Target-to-Host Cross-System Attacks speech. As it turns out, me and Alex have been working on the same subject concurrently - while I have only managed [...]

(Polish) HITB eZine Issue 003 online!

By j00ru | Fri, 02 Jul 2010 14:09:43 +0000 | @domain: j00ru.vexillium.org
Sorry, this entry is only available in Polish.

A quick insight into the Driver Signature Enforcement

By j00ru | Sun, 20 Jun 2010 00:32:45 +0000 | @domain: j00ru.vexillium.org
Hey! I have recently had some fun playing around with driver signing on Windows x64, and so I like to share some matters that have come into my head. Therefore, let me briefly describe some internal mechanisms lying behind well known Driver Signature Enforcement, a significant part of the Code Integrity feature introduced by Microsoft [...]

CONFidence 2010 is over

By j00ru | Sun, 30 May 2010 08:18:52 +0000 | @domain: j00ru.vexillium.org
One of the biggest (best) IT security-oriented conferences in Poland finished three days ago, in the Wednesday evening. In the very first place, I would like to congratulate all the organisers, for their decision on where the event should be held, as well as how it should look like - during these two days, [...]

CONFidence 2010 slides and original vulnerability advisories

By Gynvael Coldwind | Sun, 30 May 2010 00:05:16 +0200 | @domain: gynvael.coldwind.pl
Just a short (almost copy-pasted from j00ru's blog) post with the original advisories of the vulnerabilities we've talked about on CONFidence (and earlier on Hack In The Box Dubai), with slides used b...

RECON 2010 - paper accepted

By Gynvael Coldwind | Wed, 05 May 2010 00:05:13 +0200 | @domain: gynvael.coldwind.pl
A few months ago we've (with Unavowed) sent a submission for the CFP for RECON, a Canadian (Montreal) conference that takes place from 9th till 11th July. Yesterday our topic was published on the offi...

Windows CSRSS cross-version API Table

By j00ru | Mon, 03 May 2010 00:09:52 +0000 | @domain: j00ru.vexillium.org
Hello! It seems like half a year has passed since I published the Win32k.SYS system call table list on the net. During this time (well, it didn't take so long) I managed to gather enough information to release yet another API list - this time, concerning a user-mode application - CSRSS (Client/Server Runtime SubSystem). [...]

Windows CSRSS cross-version API Table

By Gynvael Coldwind | Mon, 03 May 2010 00:05:11 +0200 | @domain: gynvael.coldwind.pl
Just a redirect-post for all you Windows researchers: Matthew has published a CSRSS opcode table on his blog - go and take a look - http://j00ru.vexillium.org/?p=349&lang=en :)...

Windows Kernel Vulnerabilities continued – details

By j00ru | Thu, 22 Apr 2010 14:34:19 +0000 | @domain: j00ru.vexillium.org
And so it happened ;> As I've written in this post, Gynvael Coldwind has just finished speaking about recent Windows Kernel Vulnerabilities on the Hack In The Box Dubai conference, taking place today. Unfortunately, because of the European air communication being disabled these days, the presentation was held remotely - one way or another, it [...]

HITB eZine Issue 002 is out!

By j00ru | Thu, 22 Apr 2010 11:47:32 +0000 | @domain: j00ru.vexillium.org
Sorry, this entry is only available in Polish.

HITB Dubai PDF and CONFidence 2010 in Krakow

By Gynvael Coldwind | Thu, 22 Apr 2010 00:05:06 +0200 | @domain: gynvael.coldwind.pl
A few moments ago I've finished my talk at Hack In The Box in Dubai, on which I couldn't of course be in the flesh, since mr.Eyjafjallajökull canceled my flights, hence I've presented by phone and liv...

CTcpFwd – cross-platform stdin/out to socket forwarding class

By j00ru | Mon, 19 Apr 2010 23:17:32 +0000 | @domain: j00ru.vexillium.org
Hello, A few weeks ago, I had the pleasure to take part in a local 24-hour long programming marathon (greets to my team: Pawel and Wojtek!). Due to the nature of the competition, I was obliged to create a simple class, making it possible to redirect sockets to standard i/o (stdin / stdout), which would [...]

Volcano in the backyard and HITB Dubai

By Gynvael Coldwind | Mon, 19 Apr 2010 00:05:02 +0200 | @domain: gynvael.coldwind.pl
Well... it looks like that, due to the mess that the Island volcano Eyjafjoell made, they canceled my flights to Dubai. As a reminder - I was going to give a speech on the Hack In The Box conference a...

Windows Kernel Vulnerabilities release (Hispasec research)

By j00ru | Tue, 13 Apr 2010 20:20:26 +0000 | @domain: j00ru.vexillium.org
Today, during the Patch Tuesday, Microsoft has released bits of information regarding the security vulnerabilities present in the Windows kernel - found and exploited (in the Proof of Concept form) by me and Gynvael Coldwind - which are directly connected with a well-known Windows Registry functionality. Five bugs have been described (there is a total [...]

[HISPASEC Research] Windows Kernel Vulnerabilities... x5 :)

By Gynvael Coldwind | Tue, 13 Apr 2010 00:04:58 +0200 | @domain: gynvael.coldwind.pl
I've already written, in February, about the first vulnerability found by our team (that would be j00ru and me). Today, Microsoft has published reports about 5 more (well, there were 6 actually, but M...

Hack In The Box 2010 Dubai, "Case study of recent Windows vulnerabilities"

By Gynvael Coldwind | Mon, 22 Feb 2010 00:04:49 -0700 | @domain: gynvael.coldwind.pl
About a month ago I've sent a CFP submission for the Hack In The Box 2010 Dubai conference, and yesterday I've officially got informed that my lecture was accepted! So, it looks like I'll be speaking ...

Hack In The Box 2010 Dubai, "Case study of recent Windows vulnerabilities"

By Gynvael Coldwind | Mon, 22 Feb 2010 00:04:49 +0100 | @domain: gynvael.coldwind.pl
About a month ago I've sent a CFP submission for the Hack In The Box 2010 Dubai conference, and yesterday I've officially got informed that my lecture was accepted! So, it looks like I'll be speaking ...

Microsoft Windows CSRSS Local Privilege Elevation Vulnerability

By Gynvael Coldwind | Wed, 10 Feb 2010 00:04:44 -0700 | @domain: gynvael.coldwind.pl
Today is Exploit Wednesday, so it means that yesterday was Patch Tuesday. So, as every month, Microsoft published Microsoft Security Bulletin Summary (for February 2010) and a couple of patches. One o...

Microsoft Windows CSRSS Local Privilege Elevation Vulnerability

By Gynvael Coldwind | Wed, 10 Feb 2010 00:04:44 +0100 | @domain: gynvael.coldwind.pl
Today is Exploit Wednesday, so it means that yesterday was Patch Tuesday. So, as every month, Microsoft published Microsoft Security Bulletin Summary (for February 2010) and a couple of patches. One o...

The tale of Syndicate Wars Port

By Gynvael Coldwind | Wed, 27 Jan 2010 00:04:39 +0100 | @domain: gynvael.coldwind.pl
As promised, It's time to reveal the technical story behind the Syndicate Wars Port. The story is divided into two parts - the first, and the second attempt to port this game. Comments are welcomed! ...

The tale of Syndicate Wars Port

By Gynvael Coldwind | Tue, 26 Jan 2010 00:04:39 -0700 | @domain: gynvael.coldwind.pl
As promised, It's time to reveal the technical story behind the Syndicate Wars Port. The story is divided into two parts - the first, and the second attempt to port this game. Comments are welcomed! ...

The tale of Syndicate Wars Port

By Gynvael Coldwind | Tue, 26 Jan 2010 00:04:39 +0100 | @domain: gynvael.coldwind.pl
As promised, It's time to reveal the technical story behind the Syndicate Wars Port. The story is divided into two parts - the first, and the second attempt to port this game. Comments are welcomed! ...

Syndicate Wars Port - a reverse-engineering tale

By Gynvael Coldwind | Tue, 26 Jan 2010 00:04:38 +0100 | @domain: gynvael.coldwind.pl
Syndicate Wars is a game published in 1996, created by Bullfrog. The game was written in C (Watcom) for the DOS4GW DOS extender. And of course it has stopped working natively (i.e. without emulators l...

Syndicate Wars Port - a reverse-engineering tale

By Gynvael Coldwind | Mon, 25 Jan 2010 00:04:38 -0700 | @domain: gynvael.coldwind.pl
Syndicate Wars is a game published in 1996, created by Bullfrog. The game was written in C (Watcom) for the DOS4GW DOS extender. And of course it has stopped working natively (i.e. without emulators l...

Syndicate Wars Port - a reverse-engineering tale

By Gynvael Coldwind | Mon, 25 Jan 2010 00:04:38 +0100 | @domain: gynvael.coldwind.pl
Syndicate Wars is a game published in 1996, created by Bullfrog. The game was written in C (Watcom) for the DOS4GW DOS extender. And of course it has stopped working natively (i.e. without emulators l...

“Descriptor tables in kernel exploitation” – a new article

By j00ru | Sun, 17 Jan 2010 00:24:38 +0000 | @domain: j00ru.vexillium.org
Hi there! Not so long (a few weeks, actually) ago, me together with Gynvael Coldwind had a chance to carry out a research regarding the Global and Local Descriptor Tables being used as a write-what-where target, while exploiting ring-0 vulnerabilities on 32-bit Microsoft Windows NT-family systems. The result of our work is a small article, [...]

GDT and LDT in Windows kernel vulnerability exploitation

By Gynvael Coldwind | Sun, 17 Jan 2010 00:04:34 +0100 | @domain: gynvael.coldwind.pl
A few weeks ago j00ru has visited me, and, as one can figure out, some more or less interesting ideas came to be. One of such ideas was to use the Call-Gate mechanism in kernel/driver exploit developm...

GDT and LDT in Windows kernel vulnerability exploitation

By Gynvael Coldwind | Sat, 16 Jan 2010 00:04:34 -0700 | @domain: gynvael.coldwind.pl
A few weeks ago j00ru has visited me, and, as one can figure out, some more or less interesting ideas came to be. One of such ideas was to use the Call-Gate mechanism in kernel/driver exploit developm...

GDT and LDT in Windows kernel vulnerability exploitation

By Gynvael Coldwind | Sat, 16 Jan 2010 00:04:34 +0100 | @domain: gynvael.coldwind.pl
A few weeks ago j00ru has visited me, and, as one can figure out, some more or less interesting ideas came to be. One of such ideas was to use the Call-Gate mechanism in kernel/driver exploit developm...

HITB Magazine (ezin) #1

By Gynvael Coldwind | Mon, 11 Jan 2010 00:04:32 -0700 | @domain: gynvael.coldwind.pl
The Hack In The Box ezine, which was published in the years 2000-2005 (37 issues total) has been revived! The newest issue contains 6 articles (including mine), which gives 44 pages of text, in PDF (l...

HITB Magazine (ezin) #1

By Gynvael Coldwind | Mon, 11 Jan 2010 00:04:32 +0100 | @domain: gynvael.coldwind.pl
The Hack In The Box ezine, which was published in the years 2000-2005 (37 issues total) has been revived! The newest issue contains 6 articles (including mine), which gives 44 pages of text, in PDF (l...

DR6 may or may not be useful for bochs/VirtualPC detection

By Gynvael Coldwind | Tue, 05 Jan 2010 00:04:29 -0700 | @domain: gynvael.coldwind.pl
This post will be similar to the previous one, and will be about small, but interesting, details of x86 architecture, that might be (and sometimes are) easily overlooked by creators of emulators and v...

DR6 may or may not be useful for bochs/VirtualPC detection

By Gynvael Coldwind | Tue, 05 Jan 2010 00:04:29 +0100 | @domain: gynvael.coldwind.pl
This post will be similar to the previous one, and will be about small, but interesting, details of x86 architecture, that might be (and sometimes are) easily overlooked by creators of emulators and v...

x86 Kernel Memory Space Visualization (KernelMAP v0.0.1)

By j00ru | Mon, 04 Jan 2010 21:54:54 +0000 | @domain: j00ru.vexillium.org
What I would like to write about today is a subject I have been playing with for quite some time – Windows kernel vulnerability exploitation techniques. While digging through various articles and other materials, I appeared to find bunches of interesting facts that are worth being described here. The post presented today aims to describe [...]

BSWAP + 66h prefix

By Gynvael Coldwind | Tue, 29 Dec 2009 00:04:28 -0700 | @domain: gynvael.coldwind.pl
In the last few days I've been playing with osdev again (last time I've coded something more than a boot menu (sorry, PL), was in 2003), so expect a few posts about assembler, x86 emulators and simila...

BSWAP + 66h prefix

By Gynvael Coldwind | Tue, 29 Dec 2009 00:04:28 +0100 | @domain: gynvael.coldwind.pl
In the last few days I've been playing with osdev again (last time I've coded something more than a boot menu (sorry, PL), was in 2003), so expect a few posts about assembler, x86 emulators and simila...

VirusTotal Uploader 2.0

By Gynvael Coldwind | Sat, 28 Nov 2009 00:04:19 -0700 | @domain: gynvael.coldwind.pl
A few days ago my newest creation was published on the net - VirusTotal Uploader 2.0. Well, it is a different kind of tool that you're used to see from me - it has a window (it's not a console-app), i...

VirusTotal Uploader 2.0

By Gynvael Coldwind | Sat, 28 Nov 2009 00:04:19 +0100 | @domain: gynvael.coldwind.pl
A few days ago my newest creation was published on the net - VirusTotal Uploader 2.0. Well, it is a different kind of tool that you're used to see from me - it has a window (it's not a console-app), i...

CONFidence 2.0, slideshow, SilkProxy 0.0.1

By Gynvael Coldwind | Mon, 23 Nov 2009 00:04:17 -0700 | @domain: gynvael.coldwind.pl
Below I present the download links for the slideshow (PDF) from my "Practical security in computer games" lecture, and a 0.0.1 alpha version of SilkProxy. A few more words about that last position: it...

CONFidence 2.0, slideshow, SilkProxy 0.0.1

By Gynvael Coldwind | Mon, 23 Nov 2009 00:04:17 +0100 | @domain: gynvael.coldwind.pl
Below I present the download links for the slideshow (PDF) from my "Practical security in computer games" lecture, and a 0.0.1 alpha version of SilkProxy. A few more words about that last position: it...

Windows Win32k syscall table

By Gynvael Coldwind | Fri, 13 Nov 2009 00:04:11 +0100 | @domain: gynvael.coldwind.pl
Just a quick info. j00ru has published on his blog a syscall number/name table for the Win32k syscall shadow table (user32.dll, gdi32.dll and DirectX use it) - http://j00ru.vexillium.org/win32k_syscal...

Google Go, my thoughts and a simple raytracer

By Gynvael Coldwind | Thu, 12 Nov 2009 00:04:09 +0100 | @domain: gynvael.coldwind.pl
About two days ago the net started to fill with information about a new programming language, created by people at Google. The language is called Go, and is something between a low-level language (lik...

Win32k.SYS system call table

By j00ru | Wed, 11 Nov 2009 17:48:46 +0000 | @domain: j00ru.vexillium.org
Everyone who has ever had some serious contact with how the Windows kernel mechanisms work, was probably in need to access a complete system call number list (together with the handlers' definitions). As one of the most important part of the communication process between user's applications and kernel, SSDT is commonly used for both clearly [...]

Unexported SSDT functions finding method

By j00ru | Mon, 02 Nov 2009 17:30:27 +0000 | @domain: j00ru.vexillium.org
Today, I would like to write about finding the addresses of non-exported kernel functions (syscall handlers) from user mode. The technique I am going to write about is my very own idea, that occurred to me during one of my talks regarding Windows x86 kernel exploitation (greetings to suN8Hclf!). Despite this, I cannot guarantee that [...]

PHP getimagesize internals (part 3): PNG

By Gynvael Coldwind | Wed, 14 Oct 2009 00:03:55 +0200 | @domain: gynvael.coldwind.pl
Seems I'm a little behind on the English side of the mirror, so it's time to fix that with another PHP internals topic! This time I'll tell you the story of the PNG format, of course in the context of...

Controlling Windows process list, part 1

By j00ru | Fri, 09 Oct 2009 02:33:42 +0000 | @domain: j00ru.vexillium.org
First of all, I would like to point out that my old bootkit presentation related stuff is available since a few weeks now. As the whole event was held in Polish language, so are the slides / materials. One way or another, if some of you were interested, just take a look at the Slow [...]

TraceHook v0.0.2

By j00ru | Sat, 03 Oct 2009 23:28:08 +0000 | @domain: j00ru.vexillium.org
Since I have recently managed to find some time and come back to TraceHook project development, I decided to mark the result of a-few-hour-long session with the next version number - 0.0.2. Until now, the application has been designed for my own purposes - it was written to handle particular problems and work under certain [...]

My first laptop - Bondwell B200 (CPU 80C88)

By Gynvael Coldwind | Thu, 03 Sep 2009 00:03:47 +0200 | @domain: gynvael.coldwind.pl
And now for something completely different - my first laptop. It wasn't a Pentium as some might suspect. It wasn't even a 386. No, it was something, even older! If you are interested in computer arche...

TraceHook v0.0.1 release

By j00ru | Sun, 30 Aug 2009 11:50:42 +0000 | @domain: j00ru.vexillium.org
Having some free time, I managed to apply some minor fixes to the TraceHook – I also decided to publish it, by the way. If there will be any bug reports / improvement suggestions, I will be more motivated to return to its development. TraceHook is a tiny application keeping track over processes and [...]

PHP getimagesize internals (part 2): GIF

By Gynvael Coldwind | Sat, 29 Aug 2009 00:03:44 +0200 | @domain: gynvael.coldwind.pl
Time has come to write the second part of the PHP getimagesize story (yes, that means that there was a first part *grin*). This time I'll focus more on what getimagesize is supposed to do - on acquiri...

Suspending processes in Windows, part 1

By j00ru | Fri, 28 Aug 2009 15:07:54 +0000 | @domain: j00ru.vexillium.org
I have been recently encountering quite a non-typical problem – playing Starcraft was hard due to the amount of active processes running on my operating system – including a few IDA instances, virtual machines and the most disturbing… Firefox web browser. As we all know, it’s not only about the memory being used by Firefox [...]

The incoming SecDay conference

By j00ru | Thu, 27 Aug 2009 23:02:09 +0000 | @domain: j00ru.vexillium.org
I have a pleasure to inform the blog readers about the incoming event I am taking part in – the Polish SecDay conference (regarding security in a general meaning)! My presentation’s subject is the practical approach to, so called, bootkit creation. To make things clear, bootkit consists of a number of code blocks [...]

PHP getimagesize internals (part 1)

By Gynvael Coldwind | Fri, 28 Aug 2009 00:03:43 +0200 | @domain: gynvael.coldwind.pl
The getimagesize function is, in my humble opinion of course, one of the most interesting functions of the standard PHP library (yes, the standard library, even while its documentation is placed amon...

D-Link DI-524 and 2v2 in StarCraft

By Gynvael Coldwind | Wed, 26 Aug 2009 00:03:41 +0200 | @domain: gynvael.coldwind.pl
Today's post will be about something totally different. Mainly, I have a new SOHO router for a half of year or so at my place - yep, the D-Link DI-524 (rev.B), which replaced my old DI-604 (which I li...

Blog management changes

By j00ru | Tue, 18 Aug 2009 10:55:36 +0000 | @domain: j00ru.vexillium.org
Welcome to the blog on my own hosting! I have recently decided to add multi-language support to the blog, which obviously required the Wordpress system to be moved to my own hosting (the one provided by wordpress.com lacks many important features, like the possibility to install plugins (which turned out to be very useful, by the [...]

A step beyond the drivers\etc\hosts file

By Gynvael Coldwind | Sat, 08 Aug 2009 00:03:35 +0200 | @domain: gynvael.coldwind.pl
(Be sure to check out the demonstration video at the bottom of the page). Two months ago I've written about banker trojans, that some change DNS settings, other add a list of domains (used by financial...

RAND_MAX-related misinterpretation, and Art of File 3D

By Gynvael Coldwind | Tue, 14 Jul 2009 00:03:31 +0200 | @domain: gynvael.coldwind.pl
Today I'll write about an interesting mistake (or misinterpretation in this case) I've spotted in my friend's code, and also I'll mention a certain link I found in the referers. I'll start with the link...

Random thoughs, 2nd edition

By Gynvael Coldwind | Sun, 12 Jul 2009 00:03:30 +0200 | @domain: gynvael.coldwind.pl
For some random reasons my blog became quiet recently, but don't worry, it's only temporary. It's time to catch up, and write about this and that. PHP as a preprocessor not only for HTML Recently ...

DllMain and its uncovered possibilites

By j00ru | Sat, 04 Jul 2009 16:08:03 +0000 | @domain: j00ru.vexillium.org
Aww, another month or even more has apparently passed just in front of my eyes. As some of you might have realized, the school time has already ended (something like two weeks ago), thus allowing me to carry out some more research and remember about this blog. I expect some more posts to be written [...]

Banker trojans - a return to the past

By Gynvael Coldwind | Sun, 14 Jun 2009 00:03:25 +0200 | @domain: gynvael.coldwind.pl
It happened so that I got back to reversing banker trojans the other day, and celebrated it with a 24-hour marathon with many different foreign malware entities. Looks like that when I played with oth...

Random security thoughts

By Gynvael Coldwind | Mon, 01 Jun 2009 00:03:21 +0200 | @domain: gynvael.coldwind.pl
Recently while reading some press news / blog posts, a few things came to my attention, which I would like to discuss (as in "rant about them") in this post. The first thing will be about news/post...

Art of file - graphical interpretation of a file

By Gynvael Coldwind | Wed, 27 May 2009 00:03:19 +0200 | @domain: gynvael.coldwind.pl
The previous Sunday I decided to play a little with graphical interpretation of files again. Graphical interpretation, or visualizations as one may call it, is a large topic, there are even some inter...

CONFidence 2009 ESET crackme - solution

By Gynvael Coldwind | Tue, 26 May 2009 00:03:18 +0200 | @domain: gynvael.coldwind.pl
At last! A technical post!.. in which, I'll describe the ESET crackme from this year's edition of the CONFidence conference. The CONFidence crackme (made especially for the conference - it was NOT thei...

CONFidence 2009 - gg plz re :)

By Gynvael Coldwind | Tue, 26 May 2009 00:03:17 +0200 | @domain: gynvael.coldwind.pl
Time to update the English side of my mirror! As I've written before, I had the opportunity to be present at this year's edition of the CONFidence conference, and, starting with a spoiler, I think it w...

Recent conferences’ reports

By j00ru | Wed, 20 May 2009 21:39:17 +0000 | @domain: j00ru.vexillium.org
It seems like the blog has been dead for more than two months, mainly due to kind of wrong priority hierarchy – there was always something interesting to research, even when I should be busy writing a next interesting post on my blog. The recent weeks haven’t been wasted at all, as the site [...]

RE-Enter teh blog

By Gynvael Coldwind | Mon, 18 May 2009 00:03:12 +0200 | @domain: favicongynvael.coldwind.pl
Welcome back after a short break! It looks like that after posting on the Polish side of the mirror about a binary I've received from a friend, the post was posted on wykop.pl - a Polish site like dig...

ANSI Escape Codes for Windows 7 RC

By Gynvael Coldwind | Wed, 13 May 2009 00:03:08 -0700 | @domain: favicongynvael.coldwind.pl
Two days ago j00ru informed me that my cmd.exe add-on (the one that adds the ultra important feature - colors!) does not work on Windows 7 RC - so I decided to have a look, and so version 0.004d came ...

How to make your life simpler - GDB scripts embedded in assembly source code

By Gynvael Coldwind | Fri, 10 Apr 2009 00:02:57 -0700 | @domain: favicongynvael.coldwind.pl
Recently I've been working on a function written in assembly (NASM dialect) that was to be compiled and then loaded and executed at runtime by an Objective C application. The function was to search in...

SysDay 2009 post conference materials (and the unicorn)

By Gynvael Coldwind | Sat, 04 Apr 2009 00:02:55 -0700 | @domain: favicongynvael.coldwind.pl
I'm sorry, but the slides are, again, in Polish (well, the source codes and demo videos don't have Polish in them, mostly because they don't have any text at all). I've been informed that a video from...

March GDPL 3h compo - results

By Gynvael Coldwind | Wed, 18 Mar 2009 00:02:52 -0700 | @domain: favicongynvael.coldwind.pl
The results of the GDPL compo have been posted (available also here). Seems my predictions were right and Krzysiek K. has won (he earned it ;>). Second was maskl ex aequo with me, and third came Reg. ...

After the March 3h GDPL compo...

By Gynvael Coldwind | Tue, 17 Mar 2009 00:02:50 -0700 | @domain: favicongynvael.coldwind.pl
Sunday, from 5pm till 8pm, another gamedev.pl compo took place. This time, it was a 3 hour compo during which one had to create a 'game that has both a cow and a pig' (a strange topic I must say). I d...

OS X, Objective C and RE

By Gynvael Coldwind | Tue, 17 Mar 2009 00:02:49 -0700 | @domain: favicongynvael.coldwind.pl
Finally has arrived the day when I take a look at creating OS X GUI applications! Applications on Mac are usually created using Objective C language (which I didn't have the pleasure to meet yet) and ...

Extending Total Commander with some minor functionality

By j00ru | Sun, 15 Mar 2009 21:18:31 +0000 | @domain: faviconj00ru.vexillium.org
As a loyal standard Windows shell (explorer.exe) user I often encounter some problems with the number of opened Windows on one desktop. Since my current notebook hardly ever goes down, so does the user’s shell. After a few working evenings, I often have difficulty localizing the desired windows. Having something like 40-50 of them, it [...]

Process termination issues

By j00ru | Thu, 12 Mar 2009 22:02:27 +0000 | @domain: faviconj00ru.vexillium.org
1. Introduction The first technical post here is about the process of terminating applications on Windows system. I have been researching this subject for the last few days, during which a number of interesting (yet unknown) facts has appeared. Some of the solution ideas regarding particular problems are presented here, though I am sure there are [...]

OS X vs Write-What-Where Condition

By Gynvael Coldwind | Thu, 12 Mar 2009 00:02:46 -0700 | @domain: favicongynvael.coldwind.pl
As my readers may know, for some time now I have access to a MacBook with OS X. Finally I found some time to test the standard exploiting techniques on OS X. I must admit that OS X surprised me positi...

Automagical function list in C++

By Gynvael Coldwind | Tue, 10 Mar 2009 00:02:44 -0700 | @domain: favicongynvael.coldwind.pl
The story starts as usual. I've been writing a certain application, that generates some test files. The files were very similar in structure, so I took the common factor out, and created a function th...

Hello world!

By j00ru | Mon, 09 Mar 2009 18:24:41 +0000 | @domain: faviconj00ru.vexillium.org
Welcome to my new tech blog! Seems like I finally decided to create a place to store the ideas that might become forgotten otherwise, so here you are. Even though I had some trouble choosing between Polish/English/both versions, I eventually chose the one making the contents readable by a wider people range. What you will hopefully be [...]

Entropy

By Gynvael Coldwind | Sun, 08 Mar 2009 00:02:42 -0800 | @domain: favicongynvael.coldwind.pl
In the previous post I've written about a tool that measures entropy, but, I left the problem of "why the hell should somebody measure entropy" for later. That "later" is now :) As one can figure o...

Ent v.0.0.3

By Gynvael Coldwind | Mon, 02 Mar 2009 00:02:38 -0800 | @domain: favicongynvael.coldwind.pl
There is a tool, created by j00ru and me, that I was supposed to publish online a long time ago. However, I judged that the code is not-pretty, and (one might add "as always") there was no time to pre...

Referer spam, episode 2

By Gynvael Coldwind | Mon, 02 Mar 2009 00:02:36 -0800 | @domain: favicongynvael.coldwind.pl
I've written lately about spam in the Referrer field of the HTTP header - bots insert links (some times with BBCode) to shops with viagra, penises, and enlarging your watches. Now it has evolved! The ...

Conferences, conferences...

By Gynvael Coldwind | Sun, 01 Mar 2009 00:02:35 -0800 | @domain: favicongynvael.coldwind.pl
Well, this post in the Polish side of the mirror is much longer, since most of the conferences I'm going to attend (as a participant or a speaker) in this half of 2009 are Polish-language conference....

Few random things

By Gynvael Coldwind | Fri, 13 Feb 2009 00:02:32 -0800 | @domain: favicongynvael.coldwind.pl
Recently I didn't have much time to post on my blog, but a few small things came up, and I decided they won't take too much time to publish. As you may know, I like checking HTTP referrers of people...

Someone forgot to finish the spam generator. Again.

By Gynvael Coldwind | Tue, 10 Feb 2009 00:02:30 -0800 | @domain: favicongynvael.coldwind.pl
I've received another spam message generated with an 'almost' finished spam generator. Take a look: SUBJECT: {soft_spain_subject_random} FROM: esamerwin@hfma.org DATE: 2009-02-02 16:44 Ahora v...

Return-oriented exploiting

By Gynvael Coldwind | Thu, 05 Feb 2009 00:02:29 -0800 | @domain: favicongynvael.coldwind.pl
Today's post will contain some technical security stuff - I'll write about a technique called "return-oriented programming" or "return-oriented exploiting" or "ret-to-libc without returning to funct...

ExcpHook ver 0.0.5-rc2

By Gynvael Coldwind | Tue, 03 Feb 2009 00:02:28 -0800 | @domain: favicongynvael.coldwind.pl
Yesterday I've finally got some time to finish the changes in the new version of ExcpHook. So, version 0.0.5-rc2 (rc2 of alpha ;p) is ready for download, and might be even usable ;D ExcpHook Except...

New layout

By Gynvael Coldwind | Fri, 30 Jan 2009 00:02:23 -0800 | @domain: favicongynvael.coldwind.pl
As you can see, Xa is a man of his word - he threatened me that he will make a new lay, and he did make it ;> Some things are still to be "styled", some require minor polish, but all together, th...

CPC464 and cassettes

By Gynvael Coldwind | Thu, 29 Jan 2009 00:02:21 -0800 | @domain: favicongynvael.coldwind.pl
A moment of peace and quiet is over. I'm back (after a cold), and it's time for another post ;D Today I'll write again about CPC464, this time, about the cassettes. Not long ago (before the cold) ...

Windows 7 - a list of changes in exports, update

By Gynvael Coldwind | Tue, 20 Jan 2009 00:02:19 -0800 | @domain: favicongynvael.coldwind.pl
I've made a few more compares between exports in DLLs in Windows Vista SP1 and Windows 7 Beta. kernel32.dll ntdll.dll gdi32.dll user32.dll advapi32.dll That's all for now, UPDATE: A few ch...

SIN*COS

By Gynvael Coldwind | Mon, 19 Jan 2009 00:02:12 -0800 | @domain: favicongynvael.coldwind.pl
Today's post won't be about cmd.exe and BAT, for the moment, I have exhausted that topic. Instead, I'll write about drawing cool-looking "pictures" using sin and cos functions, in C++. As always, th...

Enter teh ANSI Escape Code support for internal cmd.exe commands and BAT scripts

By Gynvael Coldwind | Mon, 19 Jan 2009 00:02:10 -0800 | @domain: favicongynvael.coldwind.pl
Long, long time ago, in the DOS times that is, one could configure the command prompt to be colorful, one could echo colorful messages, etc. And one could do all that thanks to the ANSI escape codes -...

Using OpenGL in .BAT scripts

By Gynvael Coldwind | Sun, 18 Jan 2009 00:02:09 -0800 | @domain: favicongynvael.coldwind.pl
Today's post will be, as promised, about OpenGL in .BAT scripts. At the very beginning, I would like to remind you (I was told that the correct form of 'you' is written with a lower 'y') that .BAT scr...

state.of.mind (digital-painting)

By xa | Sat, 17 Jan 2009 08:16:17 -0800 | @domain: favicondraftspace.art.pl
state.of.mind

Date: 17.01.2009

State of mind (Digital painting)

By xa | Sat, 17 Jan 2009 08:16:17 -0800 | @domain: favicondraftspace.art.pl
State of mind

Date: 17.01.2009

Windows 7 - short list of changes in kernel32.dll exports

By Gynvael Coldwind | Wed, 14 Jan 2009 00:02:06 -0800 | @domain: favicongynvael.coldwind.pl
Finally You can download the official Windows 7 Beta release (unofficially You could do it for some time now). So I've downloaded it, installed it (looks cool), and started to play... The first thi...

BAT scripts and objective programming

By Gynvael Coldwind | Mon, 12 Jan 2009 00:02:05 -0800 | @domain: favicongynvael.coldwind.pl
Today's post is for all You Batmans out there ;> The .BAT scripts (sometimes called batch scripts) are as old as DOS. First time I've met bats on my old 286 PC, and they were used there very commonly...

Syndicate Wars Icon (Design)

By xa | Sat, 10 Jan 2009 14:42:51 -0800 | @domain: favicondraftspace.art.pl
Syndicate Wars Icon

Date: 10.01.2009

Rant: The week of my own private Hardware War

By Gynvael Coldwind | Fri, 09 Jan 2009 00:02:01 -0800 | @domain: favicongynvael.coldwind.pl
I don't know what is it about this week, but I got some new hardware, and I had to spend some time to get it all working, piece by piece. First, my PCMCIA LPT card arrived, and my STK200 AVR progr...

Lightsack - code from CPC, conclusion

By Gynvael Coldwind | Sat, 03 Jan 2009 00:02:00 -0800 | @domain: favicongynvael.coldwind.pl
The night has ended, and so has the data transfer from CPC to PC (if interested, one can download the RAM dump here). I also rewrote the code from CPC to PC - the listing is at the end of this post....

ReverseCraft (Video)

By xa | Fri, 02 Jan 2009 10:51:30 -0800 | @domain: favicondraftspace.art.pl
ReverseCraft

Date: 02.01.2009

Lightsack - how to send data from CPC 464 to PC without owning the necessary cables

By Gynvael Coldwind | Fri, 02 Jan 2009 00:01:58 -0800 | @domain: favicongynvael.coldwind.pl
Waiting for my new programmer (which will arrive "at the end of the week") I decided to dump RAM from my new Amstrad to my PC. But there was a problem - how to do it without having any cables to conne...

CPC 464

By Gynvael Coldwind | Thu, 01 Jan 2009 00:01:56 -0800 | @domain: favicongynvael.coldwind.pl
Frankly speaking it's good to have a wife. Especially a wife that finds an old (but operational) Amstrad-Schneider CPC 464 (64k Colour Personal Computer) at the bottom of the wardrobe. And so, a new to...

Reborn (Digital painting)

By xa | Mon, 29 Dec 2008 04:50:54 -0800 | @domain: favicondraftspace.art.pl
Reborn

Date: 29.12.2008

2719681 (digital-painting)

By xa | Mon, 29 Dec 2008 04:50:54 -0800 | @domain: favicondraftspace.art.pl
2719681

Date: 29.12.2008

Muzy (Digital painting)

By xa | Mon, 29 Dec 2008 04:50:54 -0800 | @domain: favicondraftspace.art.pl
Muzy

Three muses from Greek mythology: Aoede (song and poetry), Melete (study, work) and Mneme (memory, recollections).

Date: 29.12.2008

2748816 (digital-painting)

By xa | Mon, 29 Dec 2008 04:50:54 -0800 | @domain: favicondraftspace.art.pl
2748816

Date: 29.12.2008

Code snippets

By Gynvael Coldwind | Mon, 29 Dec 2008 00:01:53 -0800 | @domain: favicongynvael.coldwind.pl
In menu on the right (under the links to the posts) I've added a link to a section with some code snippets created now and then. They are rather simple, and I think beginner readers will be more inter...

apocalypse (digital-painting)

By xa | Thu, 25 Dec 2008 09:41:06 -0800 | @domain: favicondraftspace.art.pl
apocalypse

Date: 25.12.2008

Apocalypse (Digital painting)

By xa | Thu, 25 Dec 2008 09:41:06 -0800 | @domain: favicondraftspace.art.pl
Apocalypse

Date: 25.12.2008

Giganci (Drawings)

By xa | Thu, 21 Jun 2007 14:18:24 -0700 | @domain: favicondraftspace.art.pl
Giganci

Date: 21.06.2007

Another marriage (again, lol)

By gynvael.coldwind (2008.12.25)

This time I got married! (with Arashi). Huh ;D

vx++

By gynvael.coldwind (2008.09.22)

Another person has joined our team - that would be samlis.coldwind. Welcome :D

Just married (again)

By gynvael.coldwind (2008.08.11)

Extremely happy news again! aps and his gf Ewelina got married on 9 of August! That's the second marriage in our team. Who's next?

Gadu-Gadu and Tlen multiple low/med impact vulns

By gynvael.coldwind (2008.07.06)

Four days ago j00ru published some of his findings in Gadu-Gadu 7.7 [Build 3725] and Tlen IM 6.00.2.69. Inter alia, j00ru writes about GG number registration captcha bypass, remote file storage (this one is very interesting imho ;>), both GG and Tlen's Denial of Service, and Tlen's message sendtime spoofing.
The advisory can be found in the security section, or here (direct link).

unnks 0.1 sees the light of day

By unavowed (2008.06.26)

A few days ago I published the source code for unnks, an extractor for NKS archives that are used by several programs to store musical samples. It does what it advertises, and is portable across several operating systems. I set up a project on sourceforge to host the files permanently.

vx++

By gynvael.coldwind (2008.04.28)

Today oshogbo has joined our team. Welcome m8! =^^=

IGK 2008 Compo results

By gynvael.coldwind (2008.04.22)

Two weeks ago (the news is late, as always) some Vexillium members (me, Xa Hellwing and j00ru) attended the Polish IGK conference (IGK stands for Inzynieria Gier Komputerowych, which can be translated as Computer Game Engineering) in Siedlce (east Poland). As every year, there was an eight-hour-long team game compo at the end of the conference, in which we took part (with naleth being our fourth member - and he did a fine job indeed =^^=). The compo topic was "sewers - paradise underground" (lol ;D), and we decided to code a two-player underground deathmatch with portals, rats, and "cheeze rulz" in the background. After 8 hours of coding, and a very exciting vote counting it was revealed that our game got TOP1 (ypiiii!) =^^=. Some screens from the game can be found in the gamedev section, and the game is planned to be released in the near future (a post compo version, since the compo version had some stupid bugs). The game requires two mice to play btw =^^=.
Additionally to the game compo there was an unofficial Quake 3 tournament, which I've managed to win =^^=. My brother, Samlis Coldwind, was TOP2, while TOP3/4 was shared by Krzysiek K. and salvation. Another interesting event on the conference was a game dev knowledge Quiz made by the guys from gamedev.pl - Reg and Xion. The quiz was won by artpoz, while I tied fourth with Charibo =^^=.
Well, the conference was very entertaining and I've really enjoyed it! I hope to see all of the participants next year! It was fun to see You guys again =^^=.
And for a final word... Respect to all the compo teams!

Vexillium.org moved to a new hosting

By gynvael.coldwind (2008.02.24)

Our site became quite popular recently, and we kept exceeding transfer limits at our old hosting, so we had to switch to a new one. The main website has been fully transferred to the new hosting (as You can see =^^=), but there might be some problems accessing our other sites for a few more days - sorry for the inconvenience.
Btw, as You probably have noticed, Xa began to create a comic strip. #1 you can see on the right, and #2 is coming soon (maybe tomorrow even). Go go Xa! FTW =^^=.

Firefox and Opera remote information disclosure advisory publication

By gynvael.coldwind (2008.02.16)

Some time ago (in December 2007) I found a vulnerability in some popular browsers. Today, when the fixed versions are already released, the advisory describing the vulnerability is released. The paper and a demonstration video can be found here.

DLL Spoofing

By gynvael.coldwind (2008.02.15)

Recently I found out that the site Revival.pl has been closed. One of my papers was available on that site, and only on that site, so I guess it went offline as well. So, I've uploaded it to this site =^^=. The paper is in Polish (maybe I'll translate it later). The paper can be found here.

FPU Tracer v0.0.1 release

By j00ru (2008.01.28)

I've added a new tool - Float Tracer program, to the Security section. You can see some screenshots at http://j00ru.vexillium.org/FPU_Tracer/screenshots/. Have fun playing with it ;> And feel free to report any bugs ^^

SDL_Image advisory publication, ExcpHook 0.0.4 release

By gynvael.coldwind (2008.01.23)

In the SECURITY section I've put an advisory regarding SDL_Image 1.2.6 GIF buffer overflow. Additionally I've released 0.0.4 version of ExcpHook - my exception monitoring application for Windows XP. That's it for now ;>

Filling the black pages

By gynvael.coldwind (2007.12.23)

This news is written mostly to fill the blank pages hehe. I've uploaded an old Virtual PC detection research paper to SECURITY section, and an Opera Remote DoS advisory, also in the SECURITY section. Well, that's it for now.

New website

By gynvael.coldwind (2007.12.21)

Well, what to say. Finally after many many years we have created a website with some more text in it ;>.

Bez nazwy (Traditional painting)

By xa | Thu, 21 Jun 2007 20:01:35 -0700 | @domain: favicondraftspace.art.pl
Bez nazwy

Date: 23.06.2007

Oblicza (Traditional painting)

By xa | Thu, 21 Jun 2007 14:21:52 -0700 | @domain: favicondraftspace.art.pl
Oblicza

Date: 21.06.2007

Medytacja (Drawings)

By xa | Thu, 21 Jun 2007 14:19:59 -0700 | @domain: favicondraftspace.art.pl
Medytacja

Date: 21.06.2007
