Interested in Linux + Security, CTF with PFS

Pwndbg 2026.02.18 is out! Enhance your GDB or LLDB experience!

We visualize branches in nearpc, synchronize your decompiler (IDA/Binja/Ghidra) via decomp2dbg, annotate stack variables from debug info or decompiler, support new Linux kernel debugging commands - for tracing SLUB allocs/frees or dumping tasks information.

See what's changed in: https://github.com/pwndbg/pwndbg/releases/tag/2026.02.18

Want Pwndbg to keep moving fast, or to have us give a talk about it? Sponsor us: https://github.com/sponsors/pwndbg/

#gdb #lldb #pwndbg #pwn #ctf #reverseengineering

Here it is, our biggest issue to date, Issue #8!
Read, share, enjoy!
https://pagedout.institute/?page=issues.php
Get prints here - https://www.lulu.com/search?page=1&pageSize=4&sortBy=PRICE_ASC&q=PAGEDOUT8&adult_audience_rating=00

And with that CFP for #9 is open - deadline 30 April 2026

We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: https://issuetracker.google.com/issues?q=componentid:1836411%20title:JavascriptCore

All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!

When a kernel commit starts with "In A.D. 1582 Pope Gregory XIII found that ..." you know you're in for a ride:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f076ef44a44d02ed91543f820c14c2c7dff53716
tl;dr: Rockchip decided November should have 31 days...
rtc: rk808: Compensate for Rockchip calendar deviation on November 31st - kernel/git/torvalds/linux.git - Linux kernel source tree

LLVM will soon protect cryptographic code from timing attacks at the compiler level. The compiler translates __builtin_ct_select across multiple architectures (x86-64, i386, ARM, AArch64) to appropriate constant-time implementations using native instructions, such as cmov or CSEL, where available, or masked arithmetic patterns elsewhere. https://blog.trailofbits.com/2025/12/02/introducing-constant-time-support-for-llvm-to-protect-cryptographic-code/

Binary Ninja 5.2, Io, is live and it's out of this world! https://binary.ninja/2025/11/13/binary-ninja-5.2-io.html

With some of our most requested features of all time including bitfield support, containers, hexagon, Ghidra import, and a huge upgrade to TTD capabilities, plus a ton more, make sure to check out the changelog!

The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.

It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.

https://github.com/mrphrazer/obfuscation_analysis

#reverseengineering

pagedout.institute ← we've just released Paged Out! zine Issue #7
https://pagedout.institute/download/PagedOut_007.pdf ← direct link
https://lulu.com/search?page=1&pageSize=4&sortBy=PRICE_ASC&q=PAGEDOUT7 ← prints for zine collectors
https://pagedout.institute/download/PagedOut_007_wallpaper.jpg ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!

@zhuowei I never understood that TPM/SGX/enclave/attestation discussion in the first place

For the side channel crowd:

I wrote about how side channels in serialization can theoretically allow breaking ASLR - with a theoretical worst-case example of how a single round trip of deserializing attacker-controlled data, serializing the result again, and sending the re-serialized data to an attacker could leak an entire pointer:
"Pointer leaks through pointer-keyed data structures"
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
