About:
My name is Mariusz Zaborski, also known as oshogbo. I’m a Polish software developer. My main areas of interest are OS security, low-level programming and fileystems. In my free time, I contribute to the open-source community. I have been a FreeBSD committer since 2015. My primary work in this project is focused, but not limited to, creating infrastructure around Capsicum - process sandboxing technique based on capabilities. I was also a successful student of the Google Summer of Code 2013 for this project. In the past, I was a team member of vexillium group, a group of computer enthusiasts. We participated in some GameDev competitions with notable success. Unfortunately, the group is no longer active. I also organized two mettups: the Polish BSD User Group (BSD-PL, since 2018), and a security meetup - No Such Meetup (since 2019). Unfortunetly, both project were canceled due to COVID. Besides this blog I also like to share my experience and work at conferences. I was a speaker at a number of BSD and security conferences. I also wrote articles for some international and local magazines. I live in Warsaw, a big capital city in Europe. Please also notice that the posts on this blog represent my private opinion, not my employer’s opinion, nor of any teams I belong to or any of the open source community I work with.
My name is Mariusz Zaborski, also known as oshogbo. I’m a Polish software developer. My main areas of interest are OS security, low-level programming and fileystems. In my free time, I contribute to the open-source community. I have been a FreeBSD committer since 2015. My primary work in this project is focused, but not limited to, creating infrastructure around Capsicum - process sandboxing technique based on capabilities. I was also a successful student of the Google Summer of Code 2013 for this project. In the past, I was a team member of vexillium group, a group of computer enthusiasts. We participated in some GameDev competitions with notable success. Unfortunately, the group is no longer active. I also organized two mettups: the Polish BSD User Group (BSD-PL, since 2018), and a security meetup - No Such Meetup (since 2019). Unfortunetly, both project were canceled due to COVID. Besides this blog I also like to share my experience and work at conferences. I was a speaker at a number of BSD and security conferences. I also wrote articles for some international and local magazines. I live in Warsaw, a big capital city in Europe. Please also notice that the posts on this blog represent my private opinion, not my employer’s opinion, nor of any teams I belong to or any of the open source community I work with.
Publications:
| Year | Where | What | Language | Title |
|---|---|---|---|---|
| 2025 | Programista | Article | PL | CVE Archive: PHP and dash |
| 2025 | Programista | Article | PL | CVE Archive: CVE-2023-38545 Libcurl and proxy |
| 2024 | Programista | Article | PL | CVE Archive: RCE in ARC |
| 2024 | Programista | Article | PL | CVE Archive: Windows command injection |
| 2024 | Programista | Article | PL | CVE Archive: Vim modeline |
| 2023 | Programista | Article | PL | CVE Archive: Analysis of errors in BMC |
| 2023 | Programista | Article | PL | CVE Archive: Deserialization in PHP |
| 2023 | Programista | Article | PL | CVE Archive: Bug in ping(8) |
| 2022 | FreeBSD Journal | Article | ENG | Introduction to CARP |
| 2022 | Programista | Article | PL | CVE Archive: Bug in sudo |
| 2022 | Programista | Article | PL | CVE Archive: Spring4Shell |
| 2022 | Programista | Article | PL | CVE Archive: log4j |
| 2022 | Programista | Article | PL | CVE Archive: heartbleed |
| 2021 | Programista | Article | PL | CVE Archive: Wordpress |
| 2021 | FreeBSD Journal | Article | ENG | How to Implement Simple USB Driver for FreeBSD |
| 2021 | Programista | Article | PL | CVE Archive: OpenBSD Authorization |
| 2021 | Programista | Article | PL | CVE Archive: Shellshock |
| 2021 | FreeBSD Journal | Article | ENG | Seven Ways to Increase Security in a New FreeBSD Installation |
| 2020 | FreeBSD Fridays | Lecture | ENG | Introduction to Capsicum |
| 2020 | FreeBSD Journal | Article | ENG | Google Summer of Code |
| 2020 | AsiaBSDCon | Article | ENG | Let's (D)Trace Postgres (co-author: Adam Wolk) |
| 2019 | BSDNow | Podcast | ENG | 330: Happy Holidays, All(an) |
| 2019 | FreeBSD Journal | Article | ENG | Capsicum Update 2019 |
| 2019 | Paged Out! | Article | ENG | Tracing Recipes! |
| 2019 | CNSM 2019 | Poster | ENG | CapExec: towards transparently-sandboxed services (co-authors: Mahya Soleimani Jadidi, Brian Kidney, Jonathan Anderson) |
| 2019 | Security BSides | Lecture | PL | Dynamic Tracing |
| 2019 | Paged Out! | Article | ENG | Fun with process descriptors |
| 2019 | Programista | Article | PL | Reproducible Builds |
| 2019 | BSD-PL | Lecture | ENG | BSDCan 2019 - recap |
| 2019 | PGCon | Lecture | ENG | Let's (D)Trace Postgres tracing the madness (co-author: Adam Wolk) |
| 2019 | BSDCan | Lecture | ENG | Building a security appliance based on FreeBSD |
| 2019 | AsiaBSDCon | Tutorial | ENG | Sandboxing applications with Capsicum |
| 2019 | FreeBSD Journal | Article | ENG | FreeBSD for Developers |
| 2019 | Warsaw PostgreSQL User Group | Lecture | PL | DTrace PostgreSQL (co-author: Adam Wolk) |
| 2018 | PozSec | Lecture | PL | ZFS in the unsecured world |
| 2018 | MeetBSD California | Lecture | ENG | Best practices of sandboxing applications with Capsicum |
| 2018 | Security BSides | Lecture | PL | Reproducible Builds |
| 2018 | FreeBSD Journal | Article | ENG | Protect your secrets with YubiKey (co-author: Jaroslaw Zurek, Michal Borysiak) |
| 2018 | FreeBSD Journal | Article | ENG | Capsicum - Just apply me! |
| 2018 | BSD-PL | Lecture | PL | Checkpoints in ZFS |
| 2018 | AsiaBSDCon | Article and lecture | ENG | Building a security appliance based on FreeBSD |
| 2017 | Security BSides | Lecture | PL | ZFS in eye of a hacker |
| 2017 | Unix na wolnoci | Lecture | PL | Can I trust you? - Reproducible Builds |
| 2017 | BSDTW | Lecture | ENG | A case study of sandboxing base systems with Capsicum |
| 2017 | EuroBSDCon | Lecture | ENG | A case study of sandboxing base systems with Capsicum |
| 2017 | AsiaBSDCon | Article and lecture | ENG | A case study of sandboxing base systems with Capsicum |
| 2017 | Programista | Article | PL | Macros in C |
| 2016 | Security BSides | Lecture | PL | Quick look in the security of banking |
| 2016 | pkgsrcCon | Lecture | ENG | The last word in file systems |
| 2016 | BSDCan | Lecture | ENG | Capsicum and Casper fairy tale about solving security problems |
| 2016 | AsiaBSDCon | Article and lecture | ENG | Capsicum and Casper fairy tale about solving security problems |
| 2015 | Security BSides | Lecture | PL | Privilege separation |
| 2015 | Programista | Article | PL | ZFS - revolution in the file systems |
| 2014 | ;login; Usenix | Article | ENG | Sandboxing with Capsicum, co-author with Pawel Dawidek |
| 2014 | Security BSides | Lecture | PL | Building secure network appliance using open source technology |
| 2014 | BSDCan | Lecture | ENG | Capsicum and Casper - more than a lipstick on a pig, co-author with Pawel Dawidek |