Gynvael Coldwind
@gynvael.bsky.social
Security researcher/programmer ⁂ Managing director @ HexArcana ⁂ @DragonSectorCTF founder ⁂ he/him
Here's a Saturday Python 3 Puzzle for you:
November 8, 2025 at 9:59 AM
Here's a Saturday Python 3 Puzzle for you:
Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
November 1, 2025 at 4:15 PM
Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
We've received 50 required articles for issue #7 of
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
September 9, 2025 at 8:02 AM
We've received 50 required articles for issue #7 of
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
OK, ChatGPT 5 admittedly surprised me in a positive way. I threw a PNG with a (small) Python AST graph at it and told it to reverse it to Python code, and it successfully did that. I have expected it to fail hard, but here we are 🤷.
September 2, 2025 at 8:40 AM
OK, ChatGPT 5 admittedly surprised me in a positive way. I threw a PNG with a (small) Python AST graph at it and told it to reverse it to Python code, and it successfully did that. I have expected it to fail hard, but here we are 🤷.
Friendly reminder that order of operations makes a difference... more so than you think ;)
August 11, 2025 at 10:06 AM
Friendly reminder that order of operations makes a difference... more so than you think ;)
Yet another ZIP trick...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
July 2, 2025 at 11:57 AM
Yet another ZIP trick...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
hackarcana.com/article/yet-...
+ a hands on exercise if you want to try this yourself:
hackarcana.com/article/yet-...
Poll! What ANSI color types does your terminal support?
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
May 16, 2025 at 6:46 AM
Poll! What ANSI color types does your terminal support?
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
"\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m"
Reply with screenshot of the output of this string + add OS/terminal versions
E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5
[PL] W przyszłym tygodniu zaczynam nową serię szkoleniową - 10 projektów w Pythonie krok po kroku (python.sekurak.pl). Coś dla osób bardziej początkujących, w szczególności dla osób, które trafiły na ścianę po hello world / kalkulatorze, albo mają problem jak ↓
April 28, 2025 at 10:10 AM
[PL] W przyszłym tygodniu zaczynam nową serię szkoleniową - 10 projektów w Pythonie krok po kroku (python.sekurak.pl). Coś dla osób bardziej początkujących, w szczególności dla osób, które trafiły na ścianę po hello world / kalkulatorze, albo mają problem jak ↓
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
March 29, 2025 at 12:08 PM
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
If you like CTF challenges, we've been steadily pushing some of my favorite tasks to my new edu site:
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
March 14, 2025 at 8:37 AM
If you like CTF challenges, we've been steadily pushing some of my favorite tasks to my new edu site:
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
hackarcana.com/exercises
From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE
HFGL
This one is a fun one
hackarcana.com/public-exerc...
USB PCAP of a gamepad selecting the flag :)
(Dejan, who was re-flagging this task, had to listen to my "back in my days the second thing you've learnt in programming was how to read the state of a joystick!" story. I am not sorry.)
hackarcana.com/public-exerc...
USB PCAP of a gamepad selecting the flag :)
(Dejan, who was re-flagging this task, had to listen to my "back in my days the second thing you've learnt in programming was how to read the state of a joystick!" story. I am not sorry.)
March 5, 2025 at 8:17 PM
This one is a fun one
hackarcana.com/public-exerc...
USB PCAP of a gamepad selecting the flag :)
(Dejan, who was re-flagging this task, had to listen to my "back in my days the second thing you've learnt in programming was how to read the state of a joystick!" story. I am not sorry.)
hackarcana.com/public-exerc...
USB PCAP of a gamepad selecting the flag :)
(Dejan, who was re-flagging this task, had to listen to my "back in my days the second thing you've learnt in programming was how to read the state of a joystick!" story. I am not sorry.)
I've published a new blog post clearing up some confusion about what's what in the realm of securing input received from the user (or attacker):
hackarcana.com/article/sani...
That's a bit of app security theory for you, but I've seen this asked on job interviews. And it's actually important ;)
hackarcana.com/article/sani...
That's a bit of app security theory for you, but I've seen this asked on job interviews. And it's actually important ;)
March 4, 2025 at 3:16 PM
I've published a new blog post clearing up some confusion about what's what in the realm of securing input received from the user (or attacker):
hackarcana.com/article/sani...
That's a bit of app security theory for you, but I've seen this asked on job interviews. And it's actually important ;)
hackarcana.com/article/sani...
That's a bit of app security theory for you, but I've seen this asked on job interviews. And it's actually important ;)
Google agreed!
3/4
3/4
February 26, 2025 at 8:01 PM
Google agreed!
3/4
3/4
I suggested this photo could be used. I kinda like it.
2/4
2/4
February 26, 2025 at 8:01 PM
I suggested this photo could be used. I kinda like it.
2/4
2/4
(funny, story in 4 posts) I asked Google to change "my" photo that pops up on Google Search's Knowledge Graph, since, well, that isn't me...
February 26, 2025 at 8:01 PM
(funny, story in 4 posts) I asked Google to change "my" photo that pops up on Google Search's Knowledge Graph, since, well, that isn't me...
There is still a couple more days to submit your 1-page article to @pagedout.bsky.social #6!
We're at 41 pages of content out of 50 required. We'll start finalizing the issue when we reach 50. Not much time left, but you can still make it! :)
pagedout.institute?page=cfp.php
We're at 41 pages of content out of 50 required. We'll start finalizing the issue when we reach 50. Not much time left, but you can still make it! :)
pagedout.institute?page=cfp.php
February 4, 2025 at 1:13 PM
There is still a couple more days to submit your 1-page article to @pagedout.bsky.social #6!
We're at 41 pages of content out of 50 required. We'll start finalizing the issue when we reach 50. Not much time left, but you can still make it! :)
pagedout.institute?page=cfp.php
We're at 41 pages of content out of 50 required. We'll start finalizing the issue when we reach 50. Not much time left, but you can still make it! :)
pagedout.institute?page=cfp.php
"Hacker", as we in the bizz know well, carries different meanings for different people, and this can cause hilarious misunderstandings. Yesterday, the second part of an ongoing documentary about issues in NEWAG trains that were analyzed by Dragon Sector was aired. [...] gynvael.coldwind.pl?id=799
!["[...] representatives of this group of hackers, commonly referred to as "ethical hackers", though theft and home invasion have nothing to do with ethics—but well, I understand, ethical hackers, because that's what they call themselves [...]" (a certain Polish MP)](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:mfhhvivbd2m67uccfruatiax/bafkreicpy3ffieadm6gvin6lkoy66sczzwfqr5roefkr4yu6ejesvkokmi@jpeg)
January 30, 2025 at 7:28 PM
"Hacker", as we in the bizz know well, carries different meanings for different people, and this can cause hilarious misunderstandings. Yesterday, the second part of an ongoing documentary about issues in NEWAG trains that were analyzed by Dragon Sector was aired. [...] gynvael.coldwind.pl?id=799
Paged Out! #5 is out – enjoy! pagedout.institute
And if you like the cover, we have wallpapers!
And if you like the cover, we have wallpapers!
November 19, 2024 at 9:31 AM
Paged Out! #5 is out – enjoy! pagedout.institute
And if you like the cover, we have wallpapers!
And if you like the cover, we have wallpapers!
Some notes from analyzing the bash part obfuscation of the xz/liblzma part – link leads to the part I found most interesting – it was added in 5.6.1:
gynvael.coldwind.pl?lang=en&id=7...
gynvael.coldwind.pl?lang=en&id=7...
March 31, 2024 at 9:32 AM
Some notes from analyzing the bash part obfuscation of the xz/liblzma part – link leads to the part I found most interesting – it was added in 5.6.1:
gynvael.coldwind.pl?lang=en&id=7...
gynvael.coldwind.pl?lang=en&id=7...
We're finalizing issue #3 of Paged Out! - it should be out at the beginning of December (finally!).
If you still want to submit an article to #3, better hurry up – deadline is 25 Nov :)
If you still want to submit an article to #3, better hurry up – deadline is 25 Nov :)
November 17, 2023 at 1:56 PM
We're finalizing issue #3 of Paged Out! - it should be out at the beginning of December (finally!).
If you still want to submit an article to #3, better hurry up – deadline is 25 Nov :)
If you still want to submit an article to #3, better hurry up – deadline is 25 Nov :)