The Ghost of OllyDbg

We're all busy. Hiring is a chore. Who has time to really think about listing which qualifications are key to a given role? Not to mention which are even still a thing! There's so many existing roles out there that are close enough to ours... Why not just copy one of those, tweak it a bit, and be done with it?

Well...

Let's start with a story. If you've been in the security scene long enough, you'll no doubt be familiar with a tool called OllyDbg. As its name suggests, it's a debugger - a really good Win32 debugger. So good, that for many years it was the hacker's choice! It was under active development from around 2000 through 2013. That's a solid run for any software.

But you see, that's just it. OllyDbg has not been updated in nearly 10 years. It has no 64-bit support (aside from an unfinished rewrite), and very few people still use it - except for nostalgia's sake, perhaps.

So why is it that we still see it listed again, and again, and again on Security Researcher, Malware Analyst, Reverse Engineer and other such roles?

Just a few examples, pulled at random from today's job list.

All the stranger because OllyDbg's own website is pretty clear about it's status.

To return to the question - when a candidate encounters OllyDbg in a Skills & Qualifications list in the year 2023, there's a few potential thoughts that cross their mind:

• "I thought OllyDbg was dead - I must be really out of touch."
• "I thought OllyDbg was dead - these folks must be really out of touch."
• "What the heck is OllyDbg? Did they mean gdb, x64dbg or Windbg?"

None of these are the first impression you want to convey to potential candidates. It's hard enough to find good matches as it is.

So if you or someone you love is committing job-poster-copy-paste, please let OllyDbg's ghost move on. WinDbg and x64dbg are commonly used and perfectly recognisable alternatives.

If you still use OllyDbg on a daily basis and want to tell me how wrong I am, please share your shame down below in the comments.