dr inż. Marcin Ochab

  • Unit:
    Institute of Computer Science
  • Building: A0/B1
  • Room: 346
  • Phone number: 17 851 85 94
  • Email: [email protected]
  • ORCID: 0000-0002-7720-9561
  • Office hours for students: Monday 1:30 p.m. - 2:00 p.m. (by prior appointment via email or Teams)

Information

Duties performed:

Rector's Proxy for Cyber Security

Certificates obtained:

OSCP, OSWE

Reported CVE:

  • CVE-2015-6003 (CVSS 2.0: 9.3 HIGH):

https://www.kb.cert.org/vuls/id/751328

  • CVE-2023-4537 (CVSS 3.0: 7.4 HIGH):

https://cert.pl/posts/2024/02/CVE-2023-4537/

https://www.cve.org/CVERecord?id=CVE-2023-4537

  • CVE-2023-4538 (CVSS 3.0: 6.2 MEDIUM):

https://cert.pl/posts/2024/02/CVE-2023-4537/

https://www.cve.org/CVERecord?id=CVE-2023-4538

  • CVE-2023-4539 (CVSS 3.0: 7.5 HIGH):

https://cert.pl/posts/2024/02/CVE-2023-4537/

https://www.cve.org/CVERecord?id=CVE-2023-4539

  • CVE-2024-4995 (CVSS 3.1: 9.8 CRITICAL):

https://cert.pl/posts/2024/12/CVE-2024-4995/

https://www.cve.org/CVERecord?id=CVE-2024-4995

  • CVE-2024-4996 (CVSS 3.1: 9.8 CRITICAL):

https://cert.pl/posts/2024/12/CVE-2024-4995/

https://www.cve.org/CVERecord?id=CVE-2024-4996

  • CVE-2024-8773 (CVSS 4.0: 8.3 HIGH):

https://cert.pl/posts/2025/03/CVE-2024-8773/

https://www.cve.org/CVERecord?id=CVE-2024-8773

  • CVE-2024-8774 (CVSS 4.0: 7.7 HIGH):

https://cert.pl/posts/2025/03/CVE-2024-8773/

https://www.cve.org/CVERecord?id=CVE-2024-8774

Own projects:

  • MITM SQL Proxy - a tool for testing the security of desktop applications using MS SQL

https://github.com/defragmentator/mitmsqlproxy

Contributions to well-known open source projects:

  • ocserv - new functionality: Allow selecting group by URL or profile

https://gitlab.com/openconnect/ocserv/-/merge_requests/403

Selected presentations at InfoSec conferences:

  • AlligatorCon Europe 2023 Edition, “Trying to root a robotic mower - rooted the whole company” (lightning talk), Budapest, 26.08.2023
  • Live hacking session at "Raising cyber resilience in CI operators 2024", organized by the Government Security Center at the Office of the Prime Minister of Poland, Warsaw, 13.05.2024
  • CISSP Day 2024, “Hacking the nameless ERP systems”, EY Warsaw, 6.06.2024
  • BSides Warsaw 2024, “Hacking the nameless ERP systems”, 14.07.2024
  • Hackbreakers' Meetup 25x02 Kraków, “Hacking MSSQL based applications”, 28.02.2025
  • UEKat CyberDay 2025, “IoT live hacking session”, Katowice, 12.03.2025
  • TTX (tabletop exercise), HACKBREAKERS' MEETUP 25x03, “DIY Ethernet implants”, Google for Startups Campus Warsaw, 31.03.2025
  • Hackbreakers' Meetup 25x07, "nOAuth in Microsoft Entra ID and Microsoft Graph API - a series of unfortunate events that will lead to tenant theft" - live hacking session, Google for Startups Campus Warsaw, 29.07.2025
  • BSidesVienna 2025, "How to rob a bank using a payment terminal", 22.11.2025
  • Hackbreakers' Meetup 25x11, "How to rob a bank using a payment terminal", Google for Startups Campus Warsaw, 24.11.2025
  • BSides Warsaw 2025, "How to rob a bank using a payment terminal", 29.11.2025 video

Research interests:

Cybersecurity, Red Teaming, penetration testing, IT system security

Publications