Robert Święcki


name: Robert Święcki
born: 11th June 1981
nationality: Polish
current location: Zürich, Switzerland
occupation: Information Security Engineer at Google [and Dragon Sector haxxor by night]

Security Research


A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf

Honggfuzz (0.3)

A general-purpose, easy-to-use fuzzer with interesting analysis options. It's been used to find a few interesting security problems in major software packages.

InTrace (1.5)

From README ... InTrace is traceroute-like application that enables users to enumerate IP hops using existing TCP connections, both initiated from local network (local system) or from remote hosts. It could be useful for network reconnaissance and firewall bypassing. ...

Security research - vulnerabilities

Memory OOB read (DoS) in OpenSSLCVE-2015-1789

Adobe Flash memory corruption - CVE-2015-0316MITRE

Linux Kernel priv-escalation, plus an Oops - CVE-2014-7826CVE-2014-7825

Linux Kernel Oooooopses - CVE-2011-2184CVE-2011-1593CVE-2011-2496

Multiple bugs in freetype – CVE-2010-2497CVE-2010-2498CVE-2010-2499CVE-2010-2500CVE-2010-2519CVE-2010-2520CVE-2010-2527

Universal XSS in Apple Safari 3.1 for Windows and MacOS X – Apple's advisory2008-1025FrSIRT

Universal XSS in Apple Safari 3.0.4 for Windows and MacOS X – Demo siteApple's advisoryCVE-2008-1002FrSIRT

Universal XSS in Apple Safari 3.0.4 for Windows – Demo siteApple's advisoryCVE-2008-1001FrSIRT

Linux x86-64 local root exploit, making use of the bug discovered by Wojciech PurczynskiBugtraqSecwatch

Konqueror 3.5 address bar spoofing – BugtraqBugtraqSecuniaFrSIRTCVE-2007-4224CVE-2007-4225

Opera 9 "data:" URI address bar spoofing – BugtraqSecuniaCVE-2007-3819FrSIRTOpera

Konqueror 3.5 "data:" URI address bar spoofing – BugtraqSecuniaCVE-2007-3820FrSIRT

Apple Safari 3.0.2 beta for Windows IDN spoofing – BugtraqBugtraq

Apple Safari 3.0.1 beta for Windows URL bar spoofing – BugtraqCVE-2007-2398CVE-2007-2398

Apple Safari 3.0 beta for Windows arbitrary cookie leak – BugtraqCVE-2007-2391CVE-2007-2391

Linux Kernel 2.6.20.* DCCP Memory Disclosure Vulnerability – BugtraqCVECVE-2007-1734FrSIRT


The Holy Grail of the computer science since the first UNIX. Ladies and Gentlemen... here it is: cd as a standalone binary program – 100% replacement for a shell built-in cd directive. (Linux/i386 only; may cause dizziness or vision changes; used with alcohol may lessen your ability to drive)