Articles and papers

Below is a summary of the external blog posts, articles and papers I have authored or co-authored so far.

Project Zero blog posts

| Date | Title |
|------|-------|
| 2024 | The Windows Registry Adventure #3: Learning resources |
| 2024 | The Windows Registry Adventure #2: A brief history of the feature |
| 2024 | The Windows Registry Adventure #1: Introduction and research results |
| 2020 | MMS Exploit Part 5: Defeating Android ASLR, Getting RCE |
| 2020 | MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle |
| 2020 | MMS Exploit Part 3: Constructing the Memory Corruption Primitives |
| 2020 | MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec |
| 2020 | MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface |
| 2020 | Part II: Returning to Adobe Reader symbols on macOS |
| 2019 | The story of Adobe Reader symbols |
| 2018 | Detecting Kernel Memory Disclosure – Whitepaper |
| 2017 | Notes on Windows Uniscribe Fuzzing |
| 2016 | A year of Windows kernel font fuzzing #2: the techniques |
| 2016 | A year of Windows kernel font fuzzing #1: the results |
| 2015 | Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure |
| 2015 | One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation |
| 2015 | One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation |
| 2015 | One font vulnerability to rule them all #2: Adobe Reader RCE exploitation |
| 2015 | One font vulnerability to rule them all #1: Introducing the BLEND vulnerability |

Articles in English

| Date | Magazine | Title | Co-authors |
|------|----------|-------|------------|
| 2019 | Paged Out! #1 | Building ROP with floats and OpenType | |
| 2019 | Paged Out! #1 | Windows Syscall Quiz | |
| 2018 | | Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking | |
| 2014 | XAKEP | Windows Kernel Trap Handler and NTVDM Vulnerabilities - Case Study | |
| 2013 | | Identifying and Exploiting Windows Kernel Race Conditions via Memory Access Patterns | Gynvael Coldwind |
| 2012 | HITB Magazine | Memory Copy Functions in Local Windows Kernel Exploitation | |
| 2012 | HITB Magazine | The story of CVE-2011-2018 exploitation (also as a whitepaper) | |
| 2011 | HITB Magazine | Windows Security Hardening Through Kernel Address Protection (also as a whitepaper) | |
| 2011 | HITB Magazine | Windows Handle Numeric Allocation in Depth | |
| 2011 | HITB Magazine | Windows CSRSS Tips & Tricks | |
| 2011 | | Exploiting the otherwise non-exploitable: Windows Kernel-mode GS cookies subverted | Gynvael Coldwind |
| 2010 | HITB Magazine | Custom console hosts on Windows 7 | |
| 2010 | HITB Magazine | Reserve Objects in Windows 7 | |
| 2010 | HITB Magazine | Windows Objects in Kernel Vulnerability Exploitation | |
| 2010 | | GDT and LDT in Windows kernel vulnerability exploitation | Gynvael Coldwind |

Articles in Polish

| Date | Magazine | Title | Co-authors |
|------|----------|-------|------------|
| 2022 | Programista | Hello World pod lupą | Gynvael Coldwind, Adam Sawicki |
| 2016 | Programista | Fuzzing | Gynvael Coldwind |
| 2014 | Programista | Zdobyć flagę... DEF CON CTF 2014 - wdub (v2) | |
| 2014 | Programista | Jak napisać własny debugger w systemie Windows – część 4 | |
| 2014 | PWN | Programistyczne Potknięcia | Gynvael Coldwind |
| 2014 | Programista | Jak napisać własny debugger w systemie Windows – część 3 | |
| 2014 | Programista | Jak napisać własny debugger w systemie Windows – część 2 | |
| 2014 | Programista | Jak napisać własny debugger w systemie Windows – część 1 | |
| 2013 | Programista | Bliżej silikonu #2 | Gynvael Coldwind |
| 2013 | Programista | Bliżej silikonu #1 | Gynvael Coldwind |
| 2013 | Programista | AddressSanitizer: szybki detektor błędów pamięci | |
| 2010 | Hakin9 | Błędy typu Write-What-Where w jądrze Windowsa | |
| 2010 | Hakin9 | Luki bezpieczeństwa jądra Windows | |