Welcome to pqsec.org

Latest posts


How to execute an object file: Part 3

10 September 2021

Continue learning how to import and execute code from an object file. In this part we will handle external library dependencies.


How to execute an object file: Part 2

2 April 2021

Continue learning how to import and execute code from an object file. This time we will investigate ELF relocations.


How to execute an object file: Part 1

2 March 2021

Ever wondered if it is possible to execute an object file without linking? Or use any object file as a library? Follow along to learn how to decompose an object file and import code from it along the way.


Probably the simplest way to install Debian/Ubuntu in QEMU

5 January 2021

Without downloading any installation media


Passkb: how to reliably and securely bypass password paste blocking

9 December 2020

Introducing a simple tool, which helps pasting text into online forms with blocked paste functionality. The tool makes the adoption of a password manager much easier for Web applications, which block password paste.


Sandboxing in Linux with zero lines of code

8 July 2020

In this post we will review Linux seccomp and learn how to sandbox any (even a proprietary) application without writing a single line of code.


Import Markdown into Medium in 4 clicks

25 May 2020

Or my first web app in 10 years: what could go wrong?


Fixing weak crypto in OpenSSL based applications

13 April 2020

Fixing a proprietary tool, which uses weak cryptography, and learning runtime code patching along the way.


Speeding up Linux disk encryption

25 March 2020

How to double the performance of disk encryption in Linux.


Using Go as a scripting language in Linux

20 February 2018

Why use Go as a scripting language? Short answer: why not? Go is relatively easy to learn, not too verbose and there is a huge ecosystem of libraries which can be reused to avoid writing all the code from scratch.


UBOAT or CVE-2016-3955

19 August 2016

UBOAT is a vulnerability in USB over IP framework, which is part of Linux kernel code. This framework was originally developed by USB/IP project and merged into mainline Linux kernel since version 3.17 and allows hardware to share connected USB devices over IP network: devices, connected to USB/IP server, appear on the client as if they were plugged in locally.