Publications

Binary Analysis & Reverse Engineering

"My first IDAPython script that searches for the differences between the call graphs of two functions"(abandonware)
PDML to Peach Pit (abandonware)
Interactive Virtual Machine Introspection based on DRAKVUF and libvmi(abandonware)
From Read to Domain Admin - Abusing Symantec Backup Exec with Frida
similarninja - Binary Similarity for Binary Ninja (abandonware)
Adding XCOFF Support to Ghidra with Kaitai Struct [code][code]
Emulating custom crytography with ripr
Rabbit Hole - Cumulative Cyclomatic Complexity for Ghidra
Ghidra Check Protector - Which non-trivial functions don't reference the stack canary checker
Testing Oracle Forms - presented at Hacktivity'19 [code][video][paper]
Unexpected Deserialization pt.1 - JMS
SemGWT - Using Semgrep to extract GWT RPC method information from cache files
Engineering WCF Hacks [tool][lib][kaitai]

Snapshot Fuzzing

Fuzzy Snapshots of Firefox IPC
OffensiveCon'22 - Case Studies of Fuzzing with Xen [Video] [Slides]
libfuzzer_kfx

IBM i

IBM i for Wintel Hackers [video]
IBM i for Hackers [slides][ghidra][kaitai]

Exploits

Endpoint Protection

CVE-2014-3440 - Symantec Critical System Protection Remote Code Execution
Trend Micro OfficeScan - A chain of bugs
Bare Knuckled Antivirus Breaking - multiple vendors, presented at WarCon'18
Notes on McAfee Security Scan Plus RCE (CVE-2017-3897) [SSD Disclosure]
Self-defenseless - Exploring Kaspersky’s local attack surface presented at EuskalHack IV [exploit]
Symantec Local Privilege Escalation - CVE-2019-12750 (exploit only)

Other Scrapcode

Bake your own EXTRABACON (Cisco ASA, exploit only)
Drop-by-Drop: Bleeding through libvips, generalization: Uninitialized Memory Disclosures in Web Applications [paper]
Fools of Golden Gate (Oracle GoldenGate, rediscovered via patch analysis)

Cryptography

MD5 poisoning for defense evasion: Poisonous MD5 - Wolves Among the Sheep, An update on MD5 poisoning
Abusing JWT public keys without the public key - featured in Web Security Academy [code]

Chronicles

Reflections on Reflected XSS
AVPWN - List of real-world threats against endpoint protection software

Community

BuheraBlog - "The" Hungarian IT-Security blog (2007-2014).
FAILnight
Come to the Dark Side, an invitation to offensive security - Presentation given to the Core Team of BME CrySys Lab

Hardware

Hexcalc - DIY calculator with a hexadecimal keypad
The Debugger Pedal

Other

Use-after-free tutorial: Part 1. Part 2. (outdated, Hungarain) [code]

Conditional DDE

Finding the salt with SQL inception

Duncan - Expensive injections

Code Review on the Cheap

OWASP Top 10 is overrated

JDB tricks to hack Java Debug Wire

Banging 3G rocks

Have We Met? - Anti-phishing proxy experiment