We released new Pwndbg: https://github.com/pwndbg/pwndbg/releases/tag/2025.05.30 !

Among others it brings:
- New & improved kernel debugging commands (buddydump, msr, slab) and more x64 regs in context
- New command for dealing with armcm exceptions: dump-register-frame
- Disasm now shows an ✘ marker for emulated branches we know won't be taken
- Improved disasm for ARM, MIPS and LoongArch64 architectures
- Initial support for the IBM s390x architecture
- IDA sync integration fixes

And also cool portable one-liner installers:
$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Want to support us? Sponsor us at https://github.com/sponsors/pwndbg !

#pwning #gdb #ctfs #lldb #security #ctf #pwndbg

Here's 10 Reasons *Not* to do LeetCode

In my latest blog post, I break down why LeetCode isn’t for everyone, and might even be for you.

Lifting the veil:

🔐 Career Alignment
⏳ Time and relevancy
🧠 Mental bandwidth
💡 How to showcase your real skills
🎮 Alternatives
⚡ Burnout is real

👉 Find out more here: https://dreaming-of-dragons.blogspot.com/2024/12/wherein-we-face-lindwyrm-dont-do.html

#LeetCode #ReverseEngineering #CyberSecurity #MalwareAnalysis #ITcareers #TechBlog #Programming #CareerGrowth #CTFs #Burnout

Windows hard box from #hackthebox I am playing catch up because busy with work this box took me 5-6 days to do, but it was a refresh of some windows priv escalation techniques that is always welcome! FUN #HappyHacking #HTB #CTF #Hispagatos find us on #usenet alt.2600.madrid #hispagatos.talk https://www.hackthebox.com/achievement/machine/16000/637 #hackingisnotacrime #Hackers #Hacking #CTFs

Last Saturday, I went to Sophia Hacker Lab, in Sophia Antipolis for #CTFs and barbecue. I was impressed by the lab, with tons of equipment and we played a #Hack The Box.

If you're looking for a place to play CTFs, share knowledge and learn, go to https://shl.contact and attend one of their events. It's really worth it.

OWASP Juicy Shop – Score Board Challenge
Some time ago we explained how to install the OWASP Juicy Shop.

This first post of 2024 will explain how to start with this nice vulnerable application.

The first step is finding the scoreboard.

To find it, we observe several matches in the Javascript files using the browser inspector just searching for "score".Checking some of those matches we
https://www.rffuste.com/2024/01/08/owasp-juicy-shop-score-board-challenge/
#CTFs #juicyshop

Does anyone know of possible CTFs happening during Hacker Summer Camp, that are open to non-attendees online and free to participate in?

I haven't gotten my teeth into a live ctf in a while, and I miss it, the friendly competition is fun.

#defcon #hackersummercamp2023 #ctfs

Burp Suite Academy: Exploiting XXE to perform SSRF attacksBurp Suite Academy
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.

The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is http://169.254.169.254/. This endpoint can be used to retrieve data about t
https://www.rffuste.com/2023/07/31/burp-suite-academy-exploiting-xxe-to-perform-ssrf-attacksburp-suite-academy/
#CTFs #burpSuiteAcademy

Hey folks!

I'm still looking for people looking to submit #CTFs for the @AppSecVillage #CTFSquared competition. Have a CTF lying around that you've never user before? Send it in! You may earn a cash prize of 2k!

https://sessionize.com/appsecvillage-ctf-squared-ctf3/

Anoche tuvimos un #Directazo, donde reté a @PinguinoDeMario a un desafío #random, como respuesta a su anterior reto, literalmente hubo de todo, estuvimos resolviendo #CTFs, curiosidades y viendo como #mitigar dichas #vulnerabilidades.

👇👇👇👇
https://youtu.be/-Mnm1tLP51Q?sub_confirmation=1

Burp Suite Academy: Exploiting XXE using external entities to retrieve filesBurp Suite Academy
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.

To solve the lab, inject an XML external entity to retrieve the contents of the /etc/passwd file.

Checking the req
https://www.rffuste.com/2023/07/24/burp-suite-academy-exploiting-xxe-using-external-entities-to-retrieve-filesburp-suite-academy/
#CTFs #burpSuiteAcademy

Burp Suite Academy: SQL injection vulnerability allowing login bypassBurp Suite Academy
This lab contains a SQL injection vulnerability in the login function.To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.

Click on "My account":

We can see that the request is sent b
https://www.rffuste.com/2023/07/10/burp-suite-academy-sql-injection-vulnerability-allowing-login-bypassburp-suite-academy/
#CTFs #burpSuiteAcademy

A way of developing and maintaining attacker capabilities while you are part of the blue team would be participating in #wargames, #CTFs, and #bugbounties. These are places where you can attack third party systems legally and learn. Wargames: https://overthewire.org/wargames/, https://www.hackthebox.com/
CTFs: https://ctftime.org/calendar/
Bug bounties: https://bugcrowd.com and https://hackerone.com

Burp Suite Academy – SQL injection vulnerability in WHERE clause allowing retrieval of hidden dataBurp Suite Academy
This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:

SELECT * FROM product
https://www.rffuste.com/2023/05/15/burp-suite-academy-sql-injection-vulnerability-in-where-clause-allowing-retrieval-of-hidden-databurp-suite-academy/
#CTFs #burpSuiteAcademy

Burp Suite Academy – DOM XSS in document.write sink using source location.search inside a select elementBurp Suite Academy
This lab contains a DOM-based cross-site scripting vulnerability in the stock checker functionality.

It uses the JavaScript document.write function, which writes data out to the page.
https://www.rffuste.com/2023/05/08/burp-suite-academy-dom-xss-in-document-write-sink-using-source-location-search-inside-a-select-elementburp-suite-academy/
#CTFs #burpSuiteAcademy

Hello Fediverse! We protect companies against Hacker and Criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can
reach its full potential with many comrades joining the mission.

Follow us for exciting IT security Content.

#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity

Time to dox some #infosec #frauds . This company is hosting #fake #CTFs to get free work by applicants! #LinkedIn #recruiter

Burp Suite Lab Academy – Reflected XSS into a JavaScript string with angle brackets HTML encodedBurp Suite Lab Academy
This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets are encoded. The reflection occurs inside a JavaScript string. To
https://www.rffuste.com/2023/04/10/burp-suite-lab-academy-reflected-xss-into-a-javascript-string-with-angle-brackets-html-encodedburp-suite-lab-academy/
#CTFs #burpSuiteAcademy

Catch Bishop Fox in the wild: We are a sponsor of
@bsidessf this year! This will act as a start to our action-packed #RSAC week in San Francisco!

Also, check out @alethe's session on going from #socialengineering #CTFs to professional #RedTeaming.

https://bfx.social/3KpiCpA

Burp Suite Lab Academy – Stored XSS into anchor `href` attribute with double quotes HTML-encoded
This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked.

Access to the lab:

According
https://www.rffuste.com/2023/03/27/burp-suite-lab-academy-stored-xss-into-anchor-href-attribute-with-double-quotes-html-encoded/
#CTFs #burpSuiteAcademy

<strong>HTB Funnel</strong>
$ nmap -v -sV -p- 10.129.74.179 --min-rate 5000

Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-04 10:15 CET
NSE: Loaded 45 scripts for scanning.
Initiating Ping Scan at 10:15
Scanning 10.129.74.179 [2 ports]
Completed Ping Scan at 10:15, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:15
Completed Parallel DNS resolution of 1 host. at 10:15, 0.02s elapsed
Initiat
https://www.rffuste.com/2023/03/06/htb-funnel/
#CTFs #htb