We released new Pwndbg: https://github.com/pwndbg/pwndbg/releases/tag/2025.05.30 !

Among others it brings:
- New & improved kernel debugging commands (buddydump, msr, slab) and more x64 regs in context
- New command for dealing with armcm exceptions: dump-register-frame
- Disasm now shows an ✘ marker for emulated branches we know won't be taken
- Improved disasm for ARM, MIPS and LoongArch64 architectures
- Initial support for the IBM s390x architecture
- IDA sync integration fixes

And also cool portable one-liner installers:
$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Want to support us? Sponsor us at https://github.com/sponsors/pwndbg !

#pwning #gdb #ctfs #lldb #security #ctf #pwndbg

Here's 10 Reasons *Not* to do LeetCode

In my latest blog post, I break down why LeetCode isn’t for everyone, and might even be for you.

Lifting the veil:

🔐 Career Alignment
⏳ Time and relevancy
🧠 Mental bandwidth
💡 How to showcase your real skills
🎮 Alternatives
⚡ Burnout is real

👉 Find out more here: https://dreaming-of-dragons.blogspot.com/2024/12/wherein-we-face-lindwyrm-dont-do.html

#LeetCode #ReverseEngineering #CyberSecurity #MalwareAnalysis #ITcareers #TechBlog #Programming #CareerGrowth #CTFs #Burnout

Last Saturday, I went to Sophia Hacker Lab, in Sophia Antipolis for #CTFs and barbecue. I was impressed by the lab, with tons of equipment and we played a #Hack The Box.

If you're looking for a place to play CTFs, share knowledge and learn, go to https://shl.contact and attend one of their events. It's really worth it.

OWASP Juicy Shop – Score Board Challenge
Some time ago we explained how to install the OWASP Juicy Shop.

This first post of 2024 will explain how to start with this nice vulnerable application.

The first step is finding the scoreboard.

To find it, we observe several matches in the Javascript files using the browser inspector just searching for "score".Checking some of those matches we
https://www.rffuste.com/2024/01/08/owasp-juicy-shop-score-board-challenge/
#CTFs #juicyshop

Does anyone know of possible CTFs happening during Hacker Summer Camp, that are open to non-attendees online and free to participate in?

I haven't gotten my teeth into a live ctf in a while, and I miss it, the friendly competition is fun.

#defcon #hackersummercamp2023 #ctfs

Burp Suite Academy: Exploiting XXE to perform SSRF attacksBurp Suite Academy
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.

The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is http://169.254.169.254/. This endpoint can be used to retrieve data about t
https://www.rffuste.com/2023/07/31/burp-suite-academy-exploiting-xxe-to-perform-ssrf-attacksburp-suite-academy/
#CTFs #burpSuiteAcademy

Hey folks!

I'm still looking for people looking to submit #CTFs for the @AppSecVillage #CTFSquared competition. Have a CTF lying around that you've never user before? Send it in! You may earn a cash prize of 2k!

https://sessionize.com/appsecvillage-ctf-squared-ctf3/

Anoche tuvimos un #Directazo, donde reté a @PinguinoDeMario a un desafío #random, como respuesta a su anterior reto, literalmente hubo de todo, estuvimos resolviendo #CTFs, curiosidades y viendo como #mitigar dichas #vulnerabilidades.

👇👇👇👇
https://youtu.be/-Mnm1tLP51Q?sub_confirmation=1

Burp Suite Academy: Exploiting XXE using external entities to retrieve filesBurp Suite Academy
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.

To solve the lab, inject an XML external entity to retrieve the contents of the /etc/passwd file.

Checking the req
https://www.rffuste.com/2023/07/24/burp-suite-academy-exploiting-xxe-using-external-entities-to-retrieve-filesburp-suite-academy/
#CTFs #burpSuiteAcademy