
About

Basic info

Name: Mateusz ‘j00ru’ Jurczyk
Team: Vexillium
CTF Team: Dragon Sector (vice-captain)
Job: Google (previously Hispasec Sistemas)
LinkedIn: Profile
Twitter: @j00ru

Contact

E-Mail: j00ru.vx@gmail.com
MSN: Same as e-mail
JID: j00ru@chrome.pl
Gadu-Gadu: 5813737

Articles / Papers

| Date | Language | Magazine | Title | Co-authors |
|------|----------|----------|-------|------------|
| 2014 | Polish | Programista | Jak napisać własny debugger w systemie Windows – część 4 (How to write your own debugger on Windows – part 4) | |
| 2014 | Polish | PWN | Programistyczne Potknięcia (Programming Pitfalls) | Gynvael Coldwind |
| 2014 | Polish | Programista | Jak napisać własny debugger w systemie Windows – część 3 (How to write your own debugger on Windows – part 3) | |
| 2014 | Polish | Programista | Jak napisać własny debugger w systemie Windows – część 2 (How to write your own debugger on Windows – part 2) | |
| 2014 | Polish | Programista | Jak napisać własny debugger w systemie Windows – część 1 (How to write your own debugger on Windows – part 1) | |
| 2014 | English, Russian | XAKEP | Windows Kernel Trap Handler and NTVDM Vulnerabilities - Case Study | |
| 2013 | Polish | Programista | Bliżej silikonu #2 (Closer to the silicon #2) | Gynvael Coldwind |
| 2013 | Polish | Programista | Bliżej silikonu #1 (Closer to the silicon #1) | Gynvael Coldwind |
| 2013 | English | | Identifying and Exploiting Windows Kernel Race Conditions via Memory Access Patterns | Gynvael Coldwind |
| 2013 | Polish | Programista | AddressSanitizer: szybki detektor błędów pamięci (AddressSanitizer: a fast memory error detector) | |
| 2012 | English | Hack In The Box Magazine | Memory Copy Functions in Local Windows Kernel Exploitation | |
| 2012 | English | Hack In The Box Magazine | The story of CVE-2011-2018 exploitation | |
| 2011 | English | Hack In The Box Magazine | Windows Security Hardening Through Kernel Address Protection | |
| 2011 | English | Hack In The Box Magazine | Windows Handle Numeric Allocation in Depth | |
| 2011 | English | Hack In The Box Magazine | Windows CSRSS Tips & Tricks | |
| 2011 | English | | Exploiting the otherwise non-exploitable: Windows Kernel-mode GS cookies subverted | Gynvael Coldwind |
| 2010 | English | Hack In The Box Magazine | Custom console hosts on Windows 7 | |
| 2010 | English | Hack In The Box Magazine | Reserve Objects in Windows 7 | |
| 2010 | Polish | Hakin9 | Błędy typu Write-What-Where w jądrze Windowsa (Write-What-Where bugs in the Windows kernel) | |
| 2010 | English | | "Case study of recent Windows Vulnerabilities" slides | Gynvael Coldwind |
| 2010 | English | Hack In The Box Magazine | Windows Objects in Kernel Vulnerability Exploitation | |
| 2010 | Polish | Hakin9 | Luki bezpieczeństwa jądra Windows (Windows kernel security vulnerabilities) | |
| 2010 | English | | GDT and LDT in Windows kernel vulnerability exploitation | Gynvael Coldwind |

Conference talks

| Date | Language | Event | Title |
|------|----------|-------|-------|
| 2014 | Polish | SECURE | Ucieczka z Matrixa: (nie)bezpieczna analiza malware (Escape from the Matrix: (in)secure malware analysis) |
| 2014 | English | CONFidence | On the battlefield with the Dragons – the interesting and surprising CTF challenges |
| 2013 | English | ZeroNights | Windows Kernel Trap Handler and NTVDM Vulnerabilities – Case Study |
| 2013 | English | Black Hat USA | Bochspwn: Identifying 0-days via system-wide memory access pattern analysis |
| 2013 | English | CONFidence | Beyond MOV ADD XOR – the unusual and unexpected in x86 |
| 2013 | Polish | SEConference | Bezpieczeństwo jądra Windows, lub jak zabić system dwiema instrukcjami (Windows kernel security, or how to kill the system with two instructions) |
| 2013 | English | NoSuchCon | Abusing the Windows Kernel: How to Crash an Operating System With Two Instructions |
| 2013 | English | SyScan | Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns |
| 2012 | English | ZeroNights | Windows Kernel Reference Count Vulnerabilities - Case Study |
| 2010 | Polish | SecDay | Architektura procesora a exploitacja w systemie Windows (Processor architecture and exploitation on Windows) |
| 2010 | English | CONFidence | Case study of recent Windows vulnerabilities |
| 2010 | Polish | SEConference | Praktyczne spojrzenie na luki bezpieczeństwa jądra Windows (A practical look at Windows kernel security vulnerabilities) |
| 2009 | Polish | SecDay | Bootkity vs Windows (Bootkits vs Windows) |

Security Research

A relatively up-to-date list of publicly addressed vulnerabilities I have discovered thus far can be found in OSVDB, currently split between four of my “Creditee” accounts: [1] [2] [3] [4].

Interests

Subjects related to programming (C, C++, x86 / x86-64 / AVR assembly, Python), reverse engineering, malware analysis, software vulnerability research and NT OS internals research are the things I spend most of my life on. When it comes to real life things, I read horror books, play table tennis and watch good anime / horror movies. That’s more or less about what you should know.

PGP Key

In case you are going to share private information, here's my public PGP key (alternatively, it can be downloaded here).


My Google public key is as follows (find it here):
