dr inż. Marcin Ochab
- Jednostka:
Instytut Informatyki - Budynek: A0/B1
- Pokój: 346
- Nr telefonu: 17 851 85 94
- Email: [email protected]
- ORCID: 0000-0002-7720-9561
- Konsultacje dla studentów: Poniedziałek 13:30 - 14:00 (po uprzednim umówieniu mailem lub Teams)
Informacje
Pełnione funkcje:
Pełnomocnik Rektora ds. Cyberbezpieczeństwa
Uzyskane certyfikaty:
Zgłoszone CVE:
- CVE-2015-6003 (CVSS 2.0: 9.3 HIGH ):
https://www.kb.cert.org/vuls/id/751328
- CVE-2023-4537 (CVSS 3.0: 7.4 HIGH):
https://cert.pl/posts/2024/02/CVE-2023-4537/
https://www.cve.org/CVERecord?id=CVE-2023-4537
- CVE-2023-4538 (CVSS 3.0: 6.2 MEDIUM):
https://cert.pl/posts/2024/02/CVE-2023-4537/
https://www.cve.org/CVERecord?id=CVE-2023-4538
- CVE-2023-4539 (CVSS 3.0: 7.5 HIGH):
https://cert.pl/posts/2024/02/CVE-2023-4537/
https://www.cve.org/CVERecord?id=CVE-2023-4539
- CVE-2024-4995 (CVSS 3.1: 9.8 CRITICAL):
https://cert.pl/posts/2024/12/CVE-2024-4995/
https://www.cve.org/CVERecord?id=CVE-2024-4995
- CVE-2024-4996 (CVSS 3.1: 9.8 CRITICAL):
https://cert.pl/posts/2024/12/CVE-2024-4995/
https://www.cve.org/CVERecord?id=CVE-2024-4996
- CVE-2024-8773 (CVSS 4.0: 8.3 HIGH):
https://cert.pl/posts/2025/03/CVE-2024-8773/
https://www.cve.org/CVERecord?id=CVE-2024-8773
- CVE-2024-8774 (CVSS 4.0: 7.7 HIGH):
https://cert.pl/posts/2025/03/CVE-2024-8773/
https://www.cve.org/CVERecord?id=CVE-2024-8774
Projekty własne:
- MITM SQL Proxy - narzędzie do testowania bezpieczeństwa aplikacji desktopowych korzystających z MS SQL
https://github.com/defragmentator/mitmsqlproxy
Wkład w znane projekty open source:
- PHP (assembler):
https://github.com/php/php-src/blob/master/sapi/fpm/fpm/fpm_atomic.h
- OpenConnect VPN - ocserv 1.2.5 (C):
Nowa funkcjonalność: Allow selecting group by URL or profile
https://gitlab.com/openconnect/ocserv/-/merge_requests/403
Wybrane wystąpienia na konferencjach InfoSec:
- AlligatorCon Europe 2023 Edition, “Trying to root a robotic mower - rooted the whole company” (lightning talk), Budapest, 26.08.2023
- Live hacking session on "Raising cyber resilience in CI operators 2024" organized by the Government Security Center in the Prime Minister's of Poland Office, Warsaw, 13.05.2024
- CISSP Day 2024 Warsaw, “Hacking the nameless ERP systems”, 6.06.2024
- BSides Warsaw 2024, “Hacking the nameless ERP systems”, 14.07.2024
- Hackbreakers' Meetup 25x02 Kraków, “Hacking MSSQL based applications”, 28.02.2025
- UEKat CyberDay 2025, “IoT live hacking session”, Katowice,12.03.2025
- TTX (tabletop exercise), HACKBREAKERS' MEETUP 25x03 Warsaw, “DIY Ethernet implants”, 31.03.2025
- Hackbreakers' Meetup 25x07 Warsaw, "nOAuth in Microsoft Entra ID and Microsoft Graph API - a series of unfortunate events that will lead to tenant theft" - live hacking session, 29.07.2025
- BSidesVienna 2025, "How to rob a bank using a payment terminal", 22.11.2025
- Hackbreakers' Meetup 25x11 Warsaw, "How to rob a bank using a payment terminal", 24.11.2025
- BSides Warsaw 2025, "How to rob a bank using a payment terminal", 29.11.2025 video
Zainteresowania naukowe:
Cyberbezpieczeństwo, Red Teaming, testy penetracyjne, bezpieczeństwo systemów informatycznych
Publikacje
- [współaut.] Gałka W, Bazan J, Bentkowska U [et al.] Self-tuning framework to reduce the number of false positive instances using aggregation functions in ensemble classifier. - Procedia Computer Science, 2024, Vol. 246, p. 4028-4037
- [współaut.] Mrukowicz M, Sarzyński J, Molenda P Real-time anonymisation of DNS network traffic. - Procedia Computer Science, 2024, Vol. 246, p. 4018-4027
- [współaut.] Mrukowicz M, Sarzyński J, Rząsa W A scalable data acquisition system for the efficient processing of DNS network traffic. - Procedia Computer Science, 2024, Vol. 246, p. 4702-4711
- [współaut.] Mrukowicz M, Sarzyński J, Bentkowska U Human- and Machine-Generated Traffic Distinction by DNS Protocol Analysis W: 2021 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). Piscataway, Institute of Electrical and Electronics Engineers (IEEE): 2021, s. 1-8
- [współaut.] Bazan J, Bazan-Socha S, Buregwa-Czuma S [et al.] Effective construction of classifiers with the k-NN method supported by a concept ontology. - Knowledge and Information Systems, 2020, Vol. 62, iss. 4, p. 1497-1510
- [współaut.] Wajs W, Kruczek P, Szymański P [et al.] Arterial Flows in Bronchopulmonary Dysplasia Prediction W: Information Technology in Biomedicine : Proceedings 6th International Conference, ITIB'2018, Kamień Śląski, Poland, June 18-20, 2018 / Editors Ewa Piętka, Paweł Badura, Jacek Kawa, Wojciech Więcławek. Cham, Springer: 2019, S. 272-278
- [współaut.] Wajs W, Kruczek P, Szymański P [et al.] Newborn Arterial Blood Gas Prediction W: 2018 11th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics CISP-BMEI 2018 / eds. Wei Li, Qingli Li,Lipo Wang. Piscataway, Institute of Electrical and Electronics Engineers (IEEE): 2018
- [współaut.] Wajs W, Wais P, Trojnar K [et al.] Bronchopulmonary dysplasia prediction using naive bayes classifier W: Advanced Solutions in Diagnostics and Fault Tolerant Control / editors Jan M. Kościelny, Michał Syfert, Anna Sztyber. Cham, Springer: 2018, S. 281-290
- [współaut.] Wajs W, Wojtowicz H, Wais P Prediction of Arterial Blood Gases Values in Premature Infants with Respiratory Disorders W: Intelligent Information and Database Systems : 9th Asian Conference, ACIIDS 2017, Kanazawa, Japan, April 3-5, 2017, Proceedings, Part II / Nguyen, N.T., Tojo, S., Nguyen, L.M., Trawiński, B. (Eds.). Cham, Springer: 2017, S. 434-444
- [współaut.] Wajs W, Wais P, Wojtowicz H Arterial Blood Gases Forecast Optimization by Artificial Neural Network Method W: Information Technologies in Medicine : 5th International Conference, ITIB 2016 Kamień Śląski, Poland, June 20 - 22, 2016 Proceedings, Volume 1 / Piętka, E., Badura, P., Kawa, J., Więcławek, W. (Eds.). New York, Springer: 2016, S. 433-444
- [współaut.] Wajs W, Wojtowicz H, Wais P Statistical Method for the Problem of Bronchopulmonary Dysplasia Classification in Pre-mature Infants W: Intelligent Decision Technologies 2016 : Proceedings of the 8th KES International Conference on Intelligent Decision Technologies (KES-IDT 2016) - Part / editors Irek Czarnowski, Alfonso Mateos Caballero, Robert J. Howlett, Lakhmi C. Jain. Cham, Springer: 2016, S. 165-179