My 88th blog post, a number considered lucky in many parts of Asia, was featured in the latest #BSDNow episode. The twist? It was covered in episode 666. 😈 Coincidence? 🤔 www.bsdnow.tv/666

A quick note to folks who are considering attending our Kubernetes security workshop - we might end sales early, so please don't wait until the last minute. If you know it might take you a bit longer to secure funding, let me know and we'll figure something out :)

I've posted a new video about a specific variant of Open Redirect, that I think is the most problematic one, up to the point of actually being a vulnerability: www.youtube.com/watch?v=eTde...

New short video: www.youtube.com/watch?v=kVoh...

I'm thinking of doing an in-depth Python summer camp? (online live workshop, in English). If you're potentially interested, please add your email to the list: hackarcana.com/summer-pytho... (it's just so I can measure interest and have a way to let you know once more info is up).

There was this gem of a challenge on Google Beginners Quest 2025 - it's just 50 lines of code, but one can learn a lot from it: www.youtube.com/watch?v=V2HS...

I haven't uploaded stuff to my YT for some time, but I've recorded a couple of videos yesterday. Here's the first one, which is on how to start with the time-limited K8s CTF challenges we have on hA: youtu.be/XFncTjtAtVA (second one will be about a different CTF task form BQ)

Super happy to announce we've listed the first workshop done by external experts at my educational site! hackarcana.com/workshop-list If you need to secure Kubernetes or want to learn how to assess its security - hands on! - you got to check this out.

Interested in getting to know some cybersecurity arcana? We're doing a livestream today with a misconfigured Kubernetes getting hacked :) Access is granted, but you have to register... or get the link another way ;) hackarcana.com/challenge/20...

[Good read for a lazy Friday] 0.1 + 0.2 is not 0.3. Yes, yes, everyone in programming knows this - it's these damn floats again! But what are the exact reasons? Since I love floats, I've reworked an answer I've recently given into an article that dives deep into this: hackarcana.com/article/floa...

Quite a lot of folks already finished our mini-CTF - congratz :)

We're running a small challenge next week on my edu site. We actually got 2 amazing k8s sec experts who made mini-quest-CTF (3 challs chained). The setup for this is an engineering marvel - probably it's more complex than we've done on any other CTFs. Anyway, Apr 29th, 6pm CEST.

Hey folks! We're running a 2-3 challenge K8s-themed mini-CTF. It's both for fun, but also to test our infra before the upcoming workshops on security of K8s. Anyway, it starts April 29, so sign up if you want to hack some Kubernetes :)

A 25-hour RPG finished in under 2 minutes. Not speedrunning - hacking. @gynvael.bsky.social breaks the game using reverse engineering, bugs, and his uncanny skills. #CONFidenceConf 2026 👉 bit.ly/joinCONFI2026

When working with computers we frequently find these cool little tidbits/tricks/tips we could share. They are too small to make a full article, but they are likely the right size for Paged Out! magazine, where each article is just 1 page 😎 CFP deadline for Issue #9: 30th April'26

This article reminded me of a GOATed FPGA bistream RE task from GoogleCTF - GPURTL by Robin - where the key to solving it for me was observing the pattern of changing bits in FPGA's registers. LiveOverflow made a video about it - link in the reply in case you want to check it out.

www.youtube.com/watch?v=gJM9... ← my new old talk was released as a standalone; it's a fun story of how you go from being able to write '2' (0x32, 1 byte) anywhere on the FS to full RCE with admin/root privs

A perfect 1-page Friday reading → here's a fun article by Jacob Strieb about (ab)using <canvas> element in HTML and PNGs to get DEFLATE compression into older browsers (without reimplementing the whole thing in JS).

This 1-pager from Xusheng Li on GDB internals of how watchpoints are implemented is a delight to read! (especially that double-write behaviour false positive - I did not know about that)

My favorite XSS trick when you can add only attributes (when < and > are removed from the input) is to add onfocus=alert(1) and autofocus: <input value="" onfocus="..." autofocus=""> To not create a loop, I add this.blur(), otherwise alert() steals the focus, and then the field gains it once again.

confidence-conference.org/cfp-2026/ ← quick reminder that the Call For Papers for CONFidence 2026 (May, Poland) closes this week!

Woah! @phrack.org zine raising the bar for CFPs I see! They have an actual crack intro with music and stuff on their website now!

Paged Out! made it to RE//verse! <3

My second article in Paged Out! #8 was about the architecture of the terminal emulator on Linux - it's a really obvious thing until you start digging into details, as usual (link to article/issue is in reply).

My article in newest Paged Out! about everyone's favorite Python party trick: pagedout.institute/webview.php?... #python #goingtoapythonprogrammersparty #pythonprogramminglanguagethemedparty #whatispythonsis

Guess what's out :)

Just got this link on my discord - www.kickstarter.com/projects/bit... - passing it along because this book looks fun!

We are excited to announce the CFP for the next tmp.0ut Volume 5! tmpout.sh/blog/vol5-cf...

A useful chart on what type to use for flags in C/C++ depending on your D&D alignment:

Glitches in games, especially used for speedrunning, are one of the most fun aspects of hacking to watch! As an example, check out this video "How Speedrunners BEAT Hollow Knight Silksong In 10 Minutes!" by Abyssoft www.youtube.com/watch?v=M6Jn...

Ah Saturday morning! What a great time to... ...write a 1-page article for Paged Out! zine! Deadline is 4th Jan - just a week away. CFP: pagedout.institute?page=cfp.php

𝙿𝙰𝙶𝙴𝙳 𝙾𝚄𝚃! #𝟾 𝙳𝙴𝙰𝙳𝙻𝙸𝙽𝙴: 𝟺 𝙹𝚊𝚗𝚞𝚊𝚛𝚢 𝟸𝟶𝟸𝟼 𝙴𝚘𝙳 𝙴𝚘𝙰 Save the date if you're planning to write an article or showcase your digital art in the next issue of our magazine. pagedout.institute P.S. We're looking for sponsors for issue #8 as well.

One of my favorite projects just hit a HUGE milestone of 1 million downloads! Kudos to the team and everyone who supported us!

You can write '2' (0x32) anywhere in the filesystem of a Linux-based network switch. How do you get root? That's basically what my talk at GreHack conference was about - enjoy! youtu.be/F4CudbWHZ7Y?... youtu.be/X-ZJH4d2tuE?...

With the newest Black Alps 2025 and GreHack 2025 additions, my printed Paged Out! collection is slowly growing!

pagedout.institute ← Call for articles & art for issue #8 of this technical IT zine is open! As usual, we accept 1-page articles about everything interesting in IT and related fields (be it programming, cybersec, AI, demoscene, retro, electronics, etc).

Here's some blursed Python code for you: a, b, c = {"alice", "has", "a cat"} print(a, b, c)

Here's a Saturday Python 3 Puzzle for you:

If you've liked my "Linux Terminal: CTRL+D is like pressing ENTER" article (hackarcana.com/article/ctrl...), be sure to checkout @mina86.com's "Is Ctrl+D really like Enter?" (mina86.com/2025/is-ctrl...) :)

Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :) hackarcana.com/public-exerc... hackarcana.com/public-exerc... (third one coming next week, will be a bit harder)

We've received 50 required articles for issue #7 of @pagedout.bsky.social - this means we're publishing the issue in the few next weeks. 1. Want to get an article in #7? You should write it now and send it in in the next few days. 2. We're still looking for more issue sponsors!

OK, ChatGPT 5 admittedly surprised me in a positive way. I threw a PNG with a (small) Python AST graph at it and told it to reverse it to Python code, and it successfully did that. I have expected it to fail hard, but here we are 🤷.

Friendly reminder that order of operations makes a difference... more so than you think ;)

Lulu (print on demand) is increasing prices by 5% from Aug 1st, so if you were thinking of getting @pagedout.bsky.social #6 there, do it now: www.lulu.com/search?page=...

[Please share with people outside of cybersec] Do you have a horror story when you had to deal with cybersecurity companies / people? This is your chance to vent! → forms.gle/9aX24HrfnEQm... I'm running an anonymous survey to listen to stories and look into the disconnect we sometimes have.

Yet another ZIP trick... hackarcana.com/article/yet-... + a hands on exercise if you want to try this yourself: hackarcana.com/article/yet-...

A (not so) short analysis of anonymization schema used in the "Discord Unveiled" paper: hackarcana.com/article/anon...

Poll! What ANSI color types does your terminal support? "\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m" Reply with screenshot of the output of this string + add OS/terminal versions E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5

Btw, is there sth like (www.web3isgoinggreat.com) but about AI fails?

[PL] W przyszłym tygodniu zaczynam nową serię szkoleniową - 10 projektów w Pythonie krok po kroku (python.sekurak.pl). Coś dla osób bardziej początkujących, w szczególności dla osób, które trafiły na ścianę po hello world / kalkulatorze, albo mają problem jak ↓