About me

Mateusz Jurczyk

I am Mateusz Jurczyk, also known as j00ru. I have been interested in reverse engineering, operating system internals and offensive vulnerability research for over 10 years. I currently work as a security researcher at Google Project Zero (see our blog and bug tracker); before that, I worked as an Information Security Engineer at Google (2011–2014), and as a security researcher/malware analyst at Hispasec Sistemas (2009–2011).

You can contact me via e-mail or find me on Twitter, LinkedIn or GitHub.

Dragon Sector

I play security CTFs and co-founded the Dragon Sector CTF team. Together with the team, we have won various competitions around the world, and maintained a top 1-4 standing throughout 2013–2017 as classified by CTFtime.org. We also organized our own CTFs with collaboration with the CONFidence conference in Krakow in 2015, 2016 and 2017. Earlier, I was a part of a group of computer enthusiasts called Vexillium.

Pwnie AwardsI have discovered and reported security flaws in kernel drivers, user-mode components, document readers, word processors, web browsers, browser plugins, virtual machines, antivirus software, open-source programs and libraries, and many more. Most bugs found in 2014 and later are documented in the P0 bug tracker. For some of the work, I was nominated for Pwnie Awards, which I won in 2012 (Best Privilege Escalation Bug), 2013 (Most Innovative Research, with Gynvael Coldwind) and 2015 (Best Client-Side Bug). I also made it to the MSRC Top 100 list for 2015 (ranked #10), 2016 (ranked #3), 2017 (ranked #1), 2018 (ranked #8).

Praktyczna Inżynieria WstecznaIn addition to posting on this personal blog, I have also written on the Project Zero blog, published standalone papers, and contributed articles to local and online magazines (see Articles and papers). Furthermore, I have spoken at a number of security conferences, including Black Hat, REcon, SyScan and Infiltrate (listed in Conference talks). The corresponding slide decks are available on GitHub. Finally, I was the lead editor of Gynvael’s “Zrozumieć Programowanie” (Understanding Programming) book published in 2015, as well as one of the editors and authors of the “Praktyczna Inżynieria Wsteczna” (Practical Reverse Engineering) volume printed in 2016.

PGP Key

In case you wish to share private information, here’s my public pgp key (alternatively to be downloaded here).

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (MingW32)

mQENBFMEtFABCADWQCLIBS98vRYDyK8t1cUHbVErvsWO72LOoJ2yPekoGXD0pBAg
PaOMDmQykmktFdkqG8D5ytTNi2f8bvgG2aRzDyZgL8RBZGvcmkM8oY7W8v101S8d
L3CxydmRUgwhhe76vwK1wa8UcFA3OMEJtkk0hQNupWMsYUOTXeztmeoSf8q6kjHt
CDsd/X9AuR02DeGOOJvjB+0ZHQXv61mPz0c8SthJDru9vU3y04qF9T+yDmZICbRW
zSKYoPcsjJfbQfblU8T4dU2kUUgX4diwk20TLR6fJZ6tp4Q0+dygys/JgzCZtG+e
g6S70wgrvwOinywn9f+FUg+RB3AUPF7mUyhLABEBAAG0JE1hdGV1c3ogSnVyY3p5
ayA8ajAwcnUudnhAZ21haWwuY29tPokBOQQTAQIAIwUCUwS0UAIbAwcLCQgHAwIB
BhUIAgkKCwQWAgMBAh4BAheAAAoJEHcTQu65hvlneVsIAIslh+YEpxI7HGDVqiEe
eOn7hgIrwkji94m9yfT0QW9r4XfLYk2oshvzpUkvXZUGonueQgO5NqVNqUZbVNq9
HQhe9Z3vs8+HSOxBfAhG5QinalJPnPvYXTDsOrYBKRVquGKcJP8NINsKIGOvITC+
a/AAPXOAnow/EqFosDGmkIBJR1Qy02UWek+jMs77my+ute+0gyQJqfWP2zK/Xa43
xVYJcUluFJZ3pfqOvcmPp1sXqsGDDV7misgmv7TET8DMM8DdJk/JNnnWpwCgK+M6
1aaJM2AU4sCQIA4HZnRTgVe//cYoLxv85MxPWsCfCT4aNposSTxxioxEgkc3yuTu
H7+5AQ0EUwS0UAEIAKh2g6qn7H7BhkMvCQrc3zbq1WW8F4a08NzWAJh7Za/PxoP0
E7J/aYuM5sEtqjtV2zJpKgSNtT8c4xASJ1bLmbmX3lU6Ho0Ew1fAxhu7kOJF/jrC
j0RYeG8v8C3WdDL0WDRC054R9ne8CJ4rvwsbgVYXwlDyy5m0dGrYfxFA+ht7kk9N
Yf7OX4HuX9fauBt3ZpXmdLMiCt0aLYePMHtkWjmC0duhmqakv8wlIMqYCN+FPxho
UmGNnYw6MAs5heN1wBHUZE3EcF5srYKuzE0TKVP4dRwSJES98q5Rx4RaWwKx/zPq
3DRYNVwRE9clpZu7+syRSy4stW6l4TVMjl/XMnEAEQEAAYkBHwQYAQIACQUCUwS0
UAIbDAAKCRB3E0LuuYb5Z9lrCACTsWUi61uvXqtHCC07P+LQksr3fNthGUv5VvOM
fH5nOreqyFbAFM3RGhswbN+sLSxecdjnr1Z814irT0ivsHKOtf75/HW1R2cuUp7A
4bmsvfZRN0HjaWi+CndnNLSpN+1ekQVBZlo8EMQ7Gd9MSHg4hnku+KGidnkXwtbT
XQo8ss8r2wHh4GTAtRVflRJRIu9aRypH6wOU1rmW5m5GTkJjPT3FpYiC5ytHad7U
pKcu0Cgw0/Nr0b0dEBec659CJEDL0zLslW+PqgW1+FGHRG4Wvo5xN3TYlhcoKOHH
kkVHVLQb65dqE/irjLMCVYawMres9aUCJmBHnPwMaDL2QxgD
=0kDH
-----END PGP PUBLIC KEY BLOCK-----

My Google public key is as follows (find it here):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (MingW32)

mQENBFMEtHwBCACq3KkT9CY31meVzrRKB93XL8hMqHF7PnxX4Op+T6UQGQYyTo++
KuHmlit026O81prHHOKhko2PZD3KbKwPaWQi5Ow7Fkt3JVA9BfM3+pAFSEhwlg4X
qvQUVE9PZp6se/Wk+cwSw3jxnGs2lbSWAno9nrLNf/anQ8rcqB5NNdE9pr0xeVm9
RwpO2lTUvsWxu8vKWvuBh/ZbRmAmY8wwRHmH0H+bTkNy/BpQ6hY6nGgxYcA/8/M5
HJRDCPCfIZGIrOzgEcfs1D7rjfGDp4DWYE1q3cd88EKn8lvPkk8W08A8YEpXRG8Q
ZFrOzHfkzWBmoaI+c+KnmFP2qgsne8D2+6+vABEBAAG0JU1hdGV1c3ogSnVyY3p5
ayA8bWp1cmN6eWtAZ29vZ2xlLmNvbT6JATkEEwECACMFAlMEtHwCGwMHCwkIBwMC
AQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCG70M8unPbpD47B/9gKJGHBWuhuJ3T2qNJ
AGJI8u5plYWUVvLDwOQA67D+ykc9oFYGj7IY5ahPSelzbQSCV7RqwbugP2AgOqFE
kLM1jspRdRd9a6hSIcLkRllzKwYLEWYqvuGnUyTWHULRfWO3Q3xqA6RmU9ZtAutP
vtM9QIO6bvV1DHcmP1Ml26bloZHZekpKiXBYwWykxsRBCGClLiY8/QNukGSG+EpN
9QdxpKuGSl9Dxd3l61iaWUp6yqjRQj4SFp4V8qBQ1zPItwoGkNK+aSRzo5YxT9dZ
cGSIlRyL8n5xyTICINmLoTv+n1FCcIWWYiBLKJJNsRD7QJMujn1t3H+Tfudi48mR
9/WNuQENBFMEtHwBCADMavbsemmWxaL+QmabhQoAh/7xehGSYgOI9pNAyiRMp7ZV
9IjCaFUwG6wxVQJFEaP5/auKag6hCMcH3k53jZWN1raQvT6C49Pxm4myYv9WNrzV
gTX+Hfob7PrDLUbzhCsp5B30rie/efSCxaS1IL64W1N6lixvAS38ERAcBfAjJ7R+
AzkQISQsU4rRyB9Tyt7joLWlUMLG8BEqUGo5MRAjkshPMvsvGSeQIL/aPPNCbKP9
YdzkbJs7XaKehok6xMEwMZtDv6xiS/Vfjx1ykr/bTXafP0ysG+ub9iR/XLZNa7i0
OO25rhiG5lhUas/jfkf8Hx4URRFXEgiAZmndXvrRABEBAAGJAR8EGAECAAkFAlME
tHwCGwwACgkQhu9DPLpz26Sf9gf/TBMNEZTzjfNFIlupPvJzO9J0I9uX5SGB4YJo
ecs8VfYLrKxezLqXKWa36GQVVygFBRnNVjRPglbs56zy1uzwygG91LMbLkuNtQPG
OxHXQOkBnitxg4JmwN0Dl1UssQUcmmR3yqS0c/QgETrMizRdwqHjjD1JmDQF/yts
xjMP5OCM6OA4+JNz/4MEW67X7fh16F+4uhZW4BLVOhsLTq9KafpEngilHO/OJhzI
eKd0DcWl3oNV7BCEaab4DIcDYVS29oaFtcFr9VY6rUztwjNbNvDD61ocdlpdPtSk
7GzlZCQIj04EMV7iYl2ICqX4vFxyDOBXw81UZTWovR+SLiqGOQ==
=CGjS
-----END PGP PUBLIC KEY BLOCK-----