Michał Leszczyński is a Security Engineer with 12 years of experience focused on low-level systems, virtualization and malware analysis. He has practical expertise building and hardening hypervisor-level tooling—contributing to DRAKVUF sandbox automation, networking and packaging—and enhancing LibVMI to map guest virtual memory from the host. His work on Drakvuf core components shows deep familiarity with Windows internals, memory forensics and API-level instrumentation. A former CERT.PL expert and current IT Security Consultant at Arx Research, he blends incident-response perspective with hands-on back-end and DevOps implementation. Colleagues rely on him for robust, reproducible analysis pipelines and pragmatic fixes that prevent subtle race conditions and deployment failures.
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Role in this project:
Back-end Developer & DevOps Engineer
Contributions:10 releases, 210 reviews, 179 commits in 1 year 2 months
Contributions summary:Michał primarily contributed to improving the DRAKVUF Sandbox system by addressing a race condition in task status retrieval within the `app.py` file and warning users about blank MinIO access keys. They also implemented networking support, including bridge creation and DNS configuration, enhancing the sandbox's network capabilities. Furthermore, the user made multiple package build improvements, including making the package build Ubuntu 18.04 compatible, along with adding a GitHub Actions workflow for Debian package builds.
Contributions:122 reviews, 75 commits, 92 PRs in 1 year 9 months
Contributions summary:Michał primarily contributed to the core functionality of the `drakvuf` project, which is a black-box binary analysis tool. They implemented the `win_find_mmvad` function, which is crucial for memory analysis, and introduced new structures and offsets related to Windows memory management. The user also added essential functions for fetching userland stack pointers (32/64 bit), a basic memory dumping plugin and expanded the memdump plugin to incorporate functionality for handling the NtWriteVirtualMemory API. They demonstrated an understanding of Windows internals and system-level programming.
binary-analysisboxanalysissandboxvirtualization
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Michał Leszczyński - Security Engineer at Arx Research Inc.