Basic info
Name: Mateusz ‘j00ru’ Jurczyk
Team: Vexillium
Job: Google (previously Hispasec Sistemas)
LinkedIn: Profile
Twitter: @j00ru
Contact
E-Mail: j00ru.vx@gmail.com
MSN: Same as e-mail
JID: j00ru@chrome.pl
Gadu-Gadu: 5813737
Articles / Papers
| Date | Language | Magazine | Title | Co-authors |
|---|---|---|---|---|
| 2013 | English | | Identifying and Exploiting Windows Kernel Race Conditions via Memory Access Patterns | Gynvael Coldwind |
| 2013 | Polish | Programista | AddressSanitizer: szybki detektor błędów pamięci | |
| 2012 | English | Hack In The Box Magazine | Memory Copy Functions in Local Windows Kernel Exploitation | |
| 2012 | English | Hack In The Box Magazine | The story of CVE-2011-2018 exploitation | |
| 2011 | English | Hack In The Box Magazine | Windows Security Hardening Through Kernel Address Protection | |
| 2011 | English | Hack In The Box Magazine | Windows Handle Numeric Allocation in Depth | |
| 2011 | English | Hack In The Box Magazine | Windows CSRSS Tips & Tricks | |
| 2011 | English | | Exploiting the otherwise non-exploitable: Windows Kernel-mode GS cookies subverted | Gynvael Coldwind |
| 2010 | English | Hack In The Box Magazine | Custom console hosts on Windows 7 | |
| 2010 | English | Hack In The Box Magazine | Reserve Objects in Windows 7 | |
| 2010 | Polish | Hakin9 | Błędy typu Write-What-Where w jądrze Windowsa | |
| 2010 | English | | "Case study of recent Windows Vulnerabilities" slides | Gynvael Coldwind |
| 2010 | English | Hack In The Box Magazine | Windows Objects in Kernel Vulnerability Exploitation | |
| 2010 | Polish | Hakin9 | Luki bezpieczeństwa jądra Windows | |
| 2010 | English | | GDT and LDT in Windows kernel vulnerability exploitation | Gynvael Coldwind |
Conference talks
| Date | Language | Event | Title |
|---|---|---|---|
| 2013 | English | CONFidence 2013 | Beyond MOV ADD XOR – the unusual and unexpected in x86 |
| 2013 | Polish | SEConference | Bezpieczeństwo jądra Windows, lub jak zabić system dwiema instrukcjami |
| 2013 | English | NoSuchCon #1 | Abusing the Windows Kernel: How to Crash an Operating System With Two Instructions |
| 2013 | English | SyScan 2013 | Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns |
| 2012 | English | ZeroNights E.0x02 | Windows Kernel Reference Count Vulnerabilities - Case Study |
| 2010 | Polish | SecDay 2010 | Architektura procesora a exploitacja w systemie Windows |
| 2010 | English | CONFidence 2010 | Case study of recent Windows vulnerabilities |
| 2010 | Polish | SEConference | Praktyczne spojrzenie na luki bezpieczeństwa jądra Windows |
| 2009 | Polish | SecDay 2009 | Bootkity vs Windows |
Security Research
A relatively up-to-date list of publicly addressed vulnerabilities I have discovered thus far can be found in OSVDB, currently split between four of my “Creditee” accounts: [1] [2] [3] [4].
Interests
Subjects related to programming (C, C++, x86 / x86-64 / AVR assembly, Python), reverse engineering, malware analysis, software vulnerability research and NT OS internals research are the things I spend most of my life on. When it comes to real life things, I read horror books, play table tennis and watch good anime / horror movies. That’s more or less about what you should know.
PGP Key
In case you are going to share private information, here’s my public pgp key (alternatively to be downloaded here).
My Google public key is as follows (find it here):