High-risk tools in Pwndbg Lldb
58 of the 153 tools in Pwndbg Lldb are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
pwndbg_asmExecutepwndbg_asm
-
pwndbg_attachExecuteAttach to a running process by PID.
-
pwndbg_commandExecutepwndbg_command
-
pwndbg_command_batchExecutepwndbg_command_batch
-
pwndbg_contextExecutepwndbg_context
-
pwndbg_continueExecutepwndbg_continue
-
pwndbg_cyclicExecutepwndbg_cyclic
-
pwndbg_daExecutepwndbg_da
-
pwndbg_ddExecutepwndbg_dd
-
pwndbg_dtExecutepwndbg_dt
-
pwndbg_dwExecutepwndbg_dw
-
pwndbg_ebExecutepwndbg_eb
-
pwndbg_emulateExecutepwndbg_emulate
-
pwndbg_entryExecutepwndbg_entry
-
pwndbg_eqExecutepwndbg_eq
-
pwndbg_examineExecutepwndbg_examine
-
pwndbg_expressionExecuteEvaluate an expression in the current frame (LLDB native).
-
pwndbg_find_fake_fastExecutepwndbg_find_fake_fast
-
pwndbg_finishExecuteExecute until the current function returns.
-
pwndbg_hijack_fdExecutepwndbg_hijack_fd
-
pwndbg_loadExecutepwndbg_load
-
pwndbg_mprotectExecutepwndbg_mprotect
-
pwndbg_nextExecuteStep over the next source line or instruction (does not enter calls).
-
pwndbg_nextcallExecutepwndbg_nextcall
-
pwndbg_nextjmpExecutepwndbg_nextjmp
-
pwndbg_nextproginstrExecutepwndbg_nextproginstr
-
pwndbg_nextretExecutepwndbg_nextret
-
pwndbg_nextsyscallExecutepwndbg_nextsyscall
-
pwndbg_onegadgetExecutepwndbg_onegadget
-
pwndbg_p2pExecutepwndbg_p2p
-
pwndbg_parse_seccompExecutepwndbg_parse_seccomp
-
pwndbg_plistExecutepwndbg_plist
-
pwndbg_pwndbgExecutepwndbg_pwndbg
-
pwndbg_r2Executepwndbg_r2
-
pwndbg_ropExecutepwndbg_rop
-
pwndbg_runExecutepwndbg_run
-
pwndbg_run_until_stopExecutepwndbg_run_until_stop
-
pwndbg_rzExecutepwndbg_rz
-
pwndbg_set_breakpointExecuteSet a breakpoint at the given location, optionally with a condition.
-
pwndbg_set_breakpoint_advancedExecutepwndbg_set_breakpoint_advanced
-
pwndbg_sigreturnExecutepwndbg_sigreturn
-
pwndbg_slabExecutepwndbg_slab
-
pwndbg_sprayExecutepwndbg_spray
-
pwndbg_stackfExecutepwndbg_stackf
-
pwndbg_startExecutepwndbg_start
-
pwndbg_start_monitorExecutepwndbg_start_monitor
-
pwndbg_stepExecuteStep into the next source line or instruction.
-
pwndbg_stepoverExecutepwndbg_stepover
-
pwndbg_stepretExecutepwndbg_stepret
-
pwndbg_stepsyscallExecutepwndbg_stepsyscall
-
pwndbg_stepuntilasmExecutepwndbg_stepuntilasm
-
pwndbg_stop_monitorExecuteStop the background event monitor for a session.
-
pwndbg_tcacheExecutepwndbg_tcache
-
pwndbg_thread_selectExecuteSelect a specific thread and show its backtrace.
-
pwndbg_try_freeExecutepwndbg_try_free
-
pwndbg_valistExecutepwndbg_valist
-
pwndbg_watchpointExecuteSet a watchpoint on a memory address or variable.
-
pwndbg_xorExecutepwndbg_xor
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.