Gynvael Coldwind
@gynvael.bsky.social
Security researcher/programmer ⁂ Managing director @ HexArcana ⁂ @DragonSectorCTF founder ⁂ he/him
Pinned
Gynvael Coldwind
@gynvael.bsky.social
· Jul 2
Yet another ZIP trick...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
Here's a Saturday Python 3 Puzzle for you:
November 8, 2025 at 9:59 AM
Here's a Saturday Python 3 Puzzle for you:
If you've liked my "Linux Terminal: CTRL+D is like pressing ENTER" article (hackarcana.com/article/ctrl...), be sure to checkout @mina86.com's "Is Ctrl+D really like Enter?" (mina86.com/2025/is-ctrl...) :)
Is Ctrl+D really like Enter? — mina86.com
mina86.com
November 5, 2025 at 11:41 AM
If you've liked my "Linux Terminal: CTRL+D is like pressing ENTER" article (hackarcana.com/article/ctrl...), be sure to checkout @mina86.com's "Is Ctrl+D really like Enter?" (mina86.com/2025/is-ctrl...) :)
Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
November 1, 2025 at 4:15 PM
Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
We've received 50 required articles for issue #7 of
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
September 9, 2025 at 8:02 AM
We've received 50 required articles for issue #7 of
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
OK, ChatGPT 5 admittedly surprised me in a positive way. I threw a PNG with a (small) Python AST graph at it and told it to reverse it to Python code, and it successfully did that. I have expected it to fail hard, but here we are 🤷.
September 2, 2025 at 8:40 AM
OK, ChatGPT 5 admittedly surprised me in a positive way. I threw a PNG with a (small) Python AST graph at it and told it to reverse it to Python code, and it successfully did that. I have expected it to fail hard, but here we are 🤷.
Friendly reminder that order of operations makes a difference... more so than you think ;)
August 11, 2025 at 10:06 AM
Friendly reminder that order of operations makes a difference... more so than you think ;)
Lulu (print on demand) is increasing prices by 5% from Aug 1st, so if you were thinking of getting @pagedout.bsky.social #6 there, do it now: www.lulu.com/search?page=...
Shop the Independent Bookstore | Lulu
www.lulu.com
July 10, 2025 at 6:49 AM
Lulu (print on demand) is increasing prices by 5% from Aug 1st, so if you were thinking of getting @pagedout.bsky.social #6 there, do it now: www.lulu.com/search?page=...
[Please share with people outside of cybersec]
Do you have a horror story when you had to deal with cybersecurity companies / people? This is your chance to vent! → forms.gle/9aX24HrfnEQm...
I'm running an anonymous survey to listen to stories and look into the disconnect we sometimes have.
Do you have a horror story when you had to deal with cybersecurity companies / people? This is your chance to vent! → forms.gle/9aX24HrfnEQm...
I'm running an anonymous survey to listen to stories and look into the disconnect we sometimes have.
Frustration with cybersecurity people and companies
This anonymous survey if for people who are NOT working in cybersecurity and who had to contract people / buy services / buy products from companies in cybersecurity / use cybersecurity products / etc...
forms.gle
July 5, 2025 at 9:58 AM
[Please share with people outside of cybersec]
Do you have a horror story when you had to deal with cybersecurity companies / people? This is your chance to vent! → forms.gle/9aX24HrfnEQm...
I'm running an anonymous survey to listen to stories and look into the disconnect we sometimes have.
Do you have a horror story when you had to deal with cybersecurity companies / people? This is your chance to vent! → forms.gle/9aX24HrfnEQm...
I'm running an anonymous survey to listen to stories and look into the disconnect we sometimes have.
Yet another ZIP trick...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
July 2, 2025 at 11:57 AM
Yet another ZIP trick...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
A (not so) short analysis of anonymization schema used in the "Discord Unveiled" paper: hackarcana.com/article/anon...
May 23, 2025 at 12:38 PM
A (not so) short analysis of anonymization schema used in the "Discord Unveiled" paper: hackarcana.com/article/anon...
Poll! What ANSI color types does your terminal support?
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
May 16, 2025 at 6:46 AM
Poll! What ANSI color types does your terminal support?
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
Btw, is there sth like (www.web3isgoinggreat.com) but about AI fails?
May 12, 2025 at 2:53 PM
Btw, is there sth like (www.web3isgoinggreat.com) but about AI fails?
[PL] W przyszłym tygodniu zaczynam nową serię szkoleniową - 10 projektów w Pythonie krok po kroku (python.sekurak.pl). Coś dla osób bardziej początkujących, w szczególności dla osób, które trafiły na ścianę po hello world / kalkulatorze, albo mają problem jak ↓
April 28, 2025 at 10:10 AM
[PL] W przyszłym tygodniu zaczynam nową serię szkoleniową - 10 projektów w Pythonie krok po kroku (python.sekurak.pl). Coś dla osób bardziej początkujących, w szczególności dla osób, które trafiły na ścianę po hello world / kalkulatorze, albo mają problem jak ↓
Doing a short livestream in ~30 minutes with inspecting a pcap with USB traffic from a gamepad – www.youtube.com/live/xVrxfEk...
🎮 Live CTF: Solving "Gamepad" from Gynvael’s Collection | hackArcana Challenge
YouTube video by GynvaelEN
www.youtube.com
April 2, 2025 at 4:25 PM
Doing a short livestream in ~30 minutes with inspecting a pcap with USB traffic from a gamepad – www.youtube.com/live/xVrxfEk...
Doing a free webinar today at 8PM CEST (i.e. livestream with slides) about "files", as entities on the filesystem, seen through the eyes of a security researcher.
hexarcana.ch/lp/files/ ← sign up here if interested
hexarcana.ch/lp/files/ ← sign up here if interested
March 31, 2025 at 10:03 AM
Doing a free webinar today at 8PM CEST (i.e. livestream with slides) about "files", as entities on the filesystem, seen through the eyes of a security researcher.
hexarcana.ch/lp/files/ ← sign up here if interested
hexarcana.ch/lp/files/ ← sign up here if interested
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
March 29, 2025 at 12:08 PM
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
Next Monday I'm doing a 2h webinar on files as seen through the eyes of a cybersecurity researcher. This will cover useful stuff for programmers, more junior pentesters, and other tech enthusiasts who enjoy knowing how stuff works on a computer :)
hexarcana.ch/lp/files/?ut...
hexarcana.ch/lp/files/?ut...
Files through the eyes of a hacker
hexarcana.ch
March 26, 2025 at 8:54 AM
Next Monday I'm doing a 2h webinar on files as seen through the eyes of a cybersecurity researcher. This will cover useful stuff for programmers, more junior pentesters, and other tech enthusiasts who enjoy knowing how stuff works on a computer :)
hexarcana.ch/lp/files/?ut...
hexarcana.ch/lp/files/?ut...
I'm getting some specific questions about my upcoming training – I'll update the training page later today. This said, I've also recorded a short show-case / case-study of what type of skill one will acquire on my training:
www.youtube.com/watch?v=ib4Y...
www.youtube.com/watch?v=ib4Y...
Reversing unknown file download protocol
YouTube video by GynvaelEN
www.youtube.com
March 24, 2025 at 4:39 PM
I'm getting some specific questions about my upcoming training – I'll update the training page later today. This said, I've also recorded a short show-case / case-study of what type of skill one will acquire on my training:
www.youtube.com/watch?v=ib4Y...
www.youtube.com/watch?v=ib4Y...
tmp.0ut Volume 4 just came out!!! LET'S GO!
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
March 21, 2025 at 4:31 PM
tmp.0ut Volume 4 just came out!!! LET'S GO!
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
I'm running an "Intro to programming and Python" workshop (in Polish) in the evening with Sekurak / securitum and we have over 10 000 people registered. This is definitely and a new record for me!!!
If you understand Polish, you can still sign up at sklep.securitum.pl/wstep-do-pro...
If you understand Polish, you can still sign up at sklep.securitum.pl/wstep-do-pro...
March 21, 2025 at 12:03 PM
I'm running an "Intro to programming and Python" workshop (in Polish) in the evening with Sekurak / securitum and we have over 10 000 people registered. This is definitely and a new record for me!!!
If you understand Polish, you can still sign up at sklep.securitum.pl/wstep-do-pro...
If you understand Polish, you can still sign up at sklep.securitum.pl/wstep-do-pro...
A lot of you were telling me I should do my courses in English, so here we go:
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
March 19, 2025 at 3:15 PM
A lot of you were telling me I should do my courses in English, so here we go:
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
It's been a moment since I've posted sth on my YT channel, so here we go:
www.youtube.com/watch?v=jBsV...
I'm going here through my "pressing CTRL+D is like ENTER pressing" article – enjoy!
www.youtube.com/watch?v=jBsV...
I'm going here through my "pressing CTRL+D is like ENTER pressing" article – enjoy!
Pressing CTRL+D Is NOT what you think!
YouTube video by GynvaelEN
www.youtube.com
March 19, 2025 at 11:15 AM
It's been a moment since I've posted sth on my YT channel, so here we go:
www.youtube.com/watch?v=jBsV...
I'm going here through my "pressing CTRL+D is like ENTER pressing" article – enjoy!
www.youtube.com/watch?v=jBsV...
I'm going here through my "pressing CTRL+D is like ENTER pressing" article – enjoy!
I've written another article, this time on the fundamental reason why we have all these XSSes/SQLIs/etc. At least that's the way I explain it ;)
hackarcana.com/article/why-...
There's also a CTF challenge for this article (misc60):
hackarcana.com/article/why-...
Enjoy!
hackarcana.com/article/why-...
There's also a CTF challenge for this article (misc60):
hackarcana.com/article/why-...
Enjoy!
hackarcana.com
March 17, 2025 at 4:43 PM
I've written another article, this time on the fundamental reason why we have all these XSSes/SQLIs/etc. At least that's the way I explain it ;)
hackarcana.com/article/why-...
There's also a CTF challenge for this article (misc60):
hackarcana.com/article/why-...
Enjoy!
hackarcana.com/article/why-...
There's also a CTF challenge for this article (misc60):
hackarcana.com/article/why-...
Enjoy!
If you like CTF challenges, we've been steadily pushing some of my favorite tasks to my new edu site:
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
March 14, 2025 at 8:37 AM
If you like CTF challenges, we've been steadily pushing some of my favorite tasks to my new edu site:
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
Did you know that pressing CTRL+D in linux terminal is like pressing ENTER? (to some extent, of course)
Well, I didn't, so after randomly investigating what CTRL+D actually does, I've decided it's a fun topic to write about:
hackarcana.com/article/ctrl...
Well, I didn't, so after randomly investigating what CTRL+D actually does, I've decided it's a fun topic to write about:
hackarcana.com/article/ctrl...
hackarcana.com
March 11, 2025 at 11:47 AM
Did you know that pressing CTRL+D in linux terminal is like pressing ENTER? (to some extent, of course)
Well, I didn't, so after randomly investigating what CTRL+D actually does, I've decided it's a fun topic to write about:
hackarcana.com/article/ctrl...
Well, I didn't, so after randomly investigating what CTRL+D actually does, I've decided it's a fun topic to write about:
hackarcana.com/article/ctrl...