I recently completed the pwn.college "Yellow Belt – Program Security" track.
It covered shellcoding, memory corruption, reverse engineering, ROP, heap exploitation and allocator internals — with lots of hands-on challenges using Ghidra, GDB, pwntools and angr.
What stands out is the challenge-driven approach: understanding not just how an exploit works, but why.
How do you keep your cybersecurity skills sharp?
#CyberSecurity #CTF #ReverseEngineering #BinaryExploitation #pwncollege
That totally reflects my experience with recent Opus & Fable
Want this a bit more "business ready" for sharing? Here we go!
In the past weeks, the pwn.college Dynamic Allocator Misuse module taught me many practical concepts I have long known from theory:
Use-after-free, double-free, tcache internals, LIFO reuse, tcache poisoning, arbitrary read, fake chunks, safe-linking, whitespace-armored addresses, and partial secret corruption.
Knowing theory is good, but experiencing those concepts in practice is priceless.
Thank you, @pwn.college!
#ctf #cybersecurity #pwncollege #malloc #heap #tcache #safelinking
Finished the pwn.college Yellow belt Dynamic Allocator Misuse - 4 weeks of type-2 fun.
Onward to greatness and my Yellow belt in pwn.college!
#ctf #cybersecurity #pwncollege #malloc #heap #tcache #safelinking
"Uebung kann man nicht herbeireden" - aber manchmal hilft erklaeren.
"You can't just talk your way through practice"—but sometimes explaining helps.
I was hinted at this weekend's UMDCTF with a special "ipv8" pwn challenge. I had a look and had fun both exploiting and creating a writeup:
2/2
Two thoughts on trusting AI:
a) We will(!) end up accepting that AI is better than human programmers in (soon) almost every respect - just like we already accepted high-level languages.
b) But who can guarantee that, along the way, nothing has slipped into our (future) toolchain? Something deeply embedded that nobody can fully remove anymore, and that could be triggered to do something unintended?
#trust #kenthompson #assemblylanguage #highlevellanguages #vibecoding #ai
1/2
Reflections on Trusting AI:
A friend shared an interesting idea today: did we lose something when we moved from assembler to high-level languages? Probably not.
In that context, I recently revisited "Reflections on Trusting Trust" by Ken Thompson, which I found quite compelling.
Two thoughts from that:
#trust #kenthompson #assemblylanguage #highlevellanguages #vibecoding #ai
CTF players in (most) CTFs in 2026 be like...
Kudos to those CTFs that have separate scoreboards for "human-only" and "ai" players (and who upload combined scoreboards to ctftime).
