2019-09-29:
GSGC2019: Winners

The deadline for Gynvael's Summer GameDev Challenge 2019 was today around 2PM Zurich time, and since there weren't a lot of submissions (actually, there was only one), I expedited selecting the winner and awarding prizes.
Given the above, please join me in congratulating the sole winner of GSGC 2019!
1. Shutterbug by RustiSub (prize: 300 USD giftcard)
The vector graphics requirement seemed to be a pretty hard one - I'm pretty sure this contributed to the uncommonly low participation - yet RustiSub's game's graphic style is spot on and is an excellent proof that you can do quite a lot with just vectors (one of the reasons I've decided to increase the prize by 50%). Yet I feel we've barely scratched the surface, so vectors will be back - though most likely as part of other, smaller competitions.
The next event in this constrained game dev challenge series will be Gynvael's Winter GameDev Challenge 2019/20 - look out for it around December 2019!
GG!
Read more...
[
2 comments ]
|
2019-10-13:
Wyzwanie o wejściówkę na Security PWNing
W poniedziałek 14.10.2019 o 9:00 rusza wyzwanie z prostymi zadaniami ala CTF/hackme/wargames o darmową wejściówkę (oraz kody rabatowe o rosnących nominałach) na konferencję Security PWNing 2019.
Adres strony z wyzwaniem: https://gynvael.coldwind.pl/pwning2019/
Na wyzwanie będzie składać się 5 poziomów o rosnącym poziomie trudności (od bardzo prostych do średnio trudnych, przynajmniej z mojego punktu widzenia *wink*):
- Po przejściu 1 poziomu uczestnik otrzyma kod rabatowy na 150 PLN od ceny netto konferencji (wielokrotnego użytku).
- Po przejściu 2 poziomu uczestnik otrzyma kod rabatowy na 170 PLN od ceny netto konferencji (wielokrotnego użytku).
- Po przejściu 3 poziomu uczestnik otrzyma kod rabatowy na 200 PLN od ceny netto konferencji (wielokrotnego użytku).
Po przejściu 4 poziomu uczestnik otrzyma kod rabatowy na 250 PLN od ceny netto konferencji (pięciokrotnego użytku - kto pierwszy ten lepszy). [nagrody odebrane]
Po przejściu 5 (ostatniego) poziomu uczestnik otrzyma kod rabatowy na 100% ceny konferencji (jednokrotnego użytku - kto pierwszy ten lepszy). [nagroda odebrana]
Kody się nie sumują i działają jedynie do końca października. Sam konkurs trwa do 20 31 października (włącznie).
Czytaj dalej...
[
0 komentarzy ]
|
Five newest or recently updated notes (these are unfinished posts, code snippets, links or commands I find useful but always forget, and other notes that just don't fit on the blog):
Click here for a list of all notes.
 Security papers and research notes
Some conference slides are linked at the bottom of this page.
 Selected vulnerabilities
- A few Microsoft Windows privilege escalations and some DoSes patched by MS10-021 and MS10-011 - this research was presented on HITB Dubai 2010 and CONFidence 2010 (video available here).
- Well, actually a few more bugs in Windows kernel and drivers discovered during our Bochspwn research (see this post and this one) using our kfetch-toolkit.
They were patched in
MS13-016,
MS13-017,
MS13-031 and
MS13-036.
- Adobe Reader 9.5.1 and 10.1.3 multiple vulnerabilities - 62 unique crashes, from that 31 trivially exploitable and 9 more potentially exploitable, 11 CVE's assigned (CVE-2012-4149 to CVE-2012-4160). Some of these bugs were fixed for Windows and OSX releases of Adobe Reader in APSB12-16.
- Adobe Flash had also quite a lot of fixes (around 60 CVEs assigned). Some details can be found in these bulletins (in random order):
APSB12-27,
APSB12-24,
APSB12-22,
APSB13-17,
APSB13-14,
APSB13-11,
APSB13-09,
APSB13-05 and
APSB13-01.
- Contributed to discovery of multiple low-to-high vulnerabilities in Google Chrome (CVE-2012-2851, CVE-2012-2855, CVE-2012-2856, CVE-2012-2862, CVE-2012-2863 and some other) - some of these were mentioned in this post.
- A lot of bugs in ffmpeg and libav which resulted in 892 (sic!) patches in ffmpeg and 299 patches in libav (CVE-2011-3930 to CVE-2011-3952 and some other).
- Cygwin cygwin1.dll shared section local privilege escalation (demo video) - discovered while revisiting old-school classes of bugs (see paper above).
- Two minor bugs in PuTTY and aterm and rxvt found while playing with terminal control codes. Put here to create some illusion of diversity.
- Mozilla Firefox 2.0.0.11 and Opera 9.50 information leak, also midly affected Safair, Konqueror and some other products (CVE-2007-6524, CVE-2008-0420, CVE-2008-0894, CVE-2008-1573). A demo video is also available.
- A small but funny bug in Total Commander 7.01 - an FTP client gets attacked by the server, leading to a path traversal.
- And there were also these two: a local privilege escalation that required a USB stick of death, and a funny compiler bug.
The full list of vulnerabilities discovered by me (including collaborative work) can be found here (please note that the list might be out of date).
The Google Application Security / Research site might also contain some of my findings.
 Coding (selected posts)
 Tools and libraries
- PiXieServ is a simplified PXE (network boot) server for Windows and Linux-based OS, created for testing of very small home-made OS. See also the post about it.
- ExcpHook, a system-wide exception monitor for Windows XP 32-bit. Useful if you're fuzzing something that doesn't like having a debugger attached.
- Ent is an entropy measuring tool for reverse engineering reconnaissance (see also a post explaining how to use it).
- HiperDrop is a simple command line process memory dumper for Windows, with a few different work modes.
- asmloader - this little app executes headerless machine code (compiled assembly code). It's meant to be an aid in learning/teaching and playing with assembly, as well as the right tool when you just need to execute some machine code.
- NetSock is a simple socket/networking lib/wrapper for C++ I've wrote back in 2003 and update from time to time - I use it for most of my network-enabled projects.
|
 Edukacyjnie (wybrane posty)
Dla programistów:
Security / hacking:
- Hacking - jak uczyć się security/hackingu i spać spokojnie.
Dodatkowo, kilka przemyśleń na temat odnajdywania się na rynku pracy w IT:
 Programowanie (wybrane posty)
← trochę więcej postów jest po angielskojęzycznej stronie.
 Gamedev i GFX (wybrane posty)
Grafika generowana proceduralnie:
|