..:: Corelan Team | Peter Van Eeckhoutte (corelanc0d3r) ::..

Reversing 101 – Solving a protection scheme

Published May 14, 2012 |

In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading →

Posted in Malware and Reversing | Tagged active-directory-schema-update-log, breakpoint, challenge, corelan-be, crack, ctf, hackthissite, HTS, immunity debugger, keygen, password, reverse engineering, reversing, wargame | 5 Comments

BlackHat EU 2012 – Day 3

Published March 16, 2012 |

By Corelan Team (corelanc0d3r)

Good morning, Since doing live-blogging seemed to work out pretty well yesterday, I’ll do the same thing again today. Please join in for day 3 at BlackHat Europe 2012, in a cloudy and rainy Amsterdam. The first talk I attended today was : “Secure Password Managers” and “Military Grade Encryption” on Smartphones Andrey Belenko and [...]

Posted in Cons and Seminars | Tagged amsterdam, binary, blackhat, blackhat europe, canape, canary, chromebook, cracking, debugger, elcomsoft, encryption, felix lindner, fon, font, fuzzing, fx, gdi, google, ios, ipad, kd, kernel, kernel pool, passcode, password, password manager, protocol, ring0, ring3, smartphone, ttf, windbg | Leave a comment

BlackHat EU 2012 – Day 2

Published March 15, 2012 |

By Corelan Team (corelanc0d3r)

Welcome back friends, at day 2 of BlackHat Europe 2012, held in the Grand Hotel Krasnapolsky in the wonderful city of Amsterdam. Today, I’m going to do things slightly different. I will try to post write-ups immediately after a presentation (and I’ll add in pictures later). I will basically update this page all the [...]

Posted in Cons and Seminars | Tagged 2012, accuvant, amsterdam, antonios atlasis, blackhat, blackhat europe, border search, CBP, david litchfield, eff, electronic frontier foundation, encryption, fragmentation, ICE, ipv6, marcia hofmann, mariano nunez, onapsis, oracle, overlap, privacy, rfc522, sap, scapy, seth schoen, sql injection, tsa | Leave a comment

BlackHat EU 2012 – Day 1

Published March 14, 2012 |

By Corelan Team (corelanc0d3r)

Introduction – Back in Amsterdam ! After a 2 year detour in Barcelona, BlackHat Europe has returned to Amsterdam again this year. After spending a few hours on the train, checking in at The Grand Hotel Krasnapolsky, getting my ‘media’ badge (thank you BlackHat) & grabbing a delegate bag, and finally working my way [...]

Posted in Cons and Seminars | Tagged amsterdam, blackhat, blackhat europe, briefings, exist-db, injection, interception, jeff jarmoc, krasnapolsky, lfi, mac framework, mac osx, php, proxy, rfi, sandbox, streams, trustedBSD, vincenzo, xpath, xquery | 2 Comments

Debugging Fun – Putting a process to sleep()

Published February 29, 2012 |

By Corelan Team (Lincoln)

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials, Malware and Reversing, Uncategorized | Tagged cgi, corelan, corelan team, cve-2008-0532, debugger, entrypoint, f, function, fx, hook, immunity, isdebuggerpresent, jit, just in time, loop, pefile, python, rva, sleep, www-corelan-be | 1 Comment

Exploit writing tutorial part 11 : Heap Spraying Demystified

Published December 31, 2011 |

By Corelan Team (corelanc0d3r)

A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions.
Although there are a number of public exploits available that target IE8, the exact technique to do so has not been really documented in detail.
Of course, you can probably derive how it works by looking at those public exploits.

With this tutorial, I’m going to provide you with a full and detailed overview on what heap spraying is, and how to use it on old and newer platforms.
I’ll start with some “ancient” techniques (or classic techniques if you will) that can be used on IE6 and IE7.
We’ll also look at heap spraying for non-browser applications.
Next, we’ll talk about precision heap spraying, which is a requirement to make DEP bypass exploits work on IE8.
I’ll finish this tutorial with sharing some of my own research on getting reliable heap spraying to work on IE9.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials | Tagged 0c0c0c0c, actionscript, adobe, bmp, bstr, corelan, debugger, dep, exploit, exploit writing tutorial, firefox, freelists, gadget, gzip, heap, heapcreate, heaplib, image, immunity, internet explorer, javascript, lookasidelist, low fragmentation heap, metasploit, mona.py, moshe ben abu, pdf, pivot, return oriented programming, rop, ruby, sotirov, spray, string, substring, trancer, virtualalloc, vtable, windbg | 15 Comments

Donations

Published December 9, 2011 |

By Corelan Team (corelanc0d3r)

Now that the Copyright Dispute with Infosec Institute is settled, I am going to do what I promised to do.

During the process of settling the issue, many of you donated some money to help fight plagiarism. A few weeks ago, I announced that I funded all additional legal expenses myself and didn’t had to use any of the donations. That’s great news because that means I could refund the donations to anyone who requested a refund, and donate the remaining sum, on behalf of the people who donated, to good causes.
Continue reading →

Posted in Private | Tagged bat-file-print-mig, brad smith, community, core-lan-team, corelan, corelan team, corelanc0d3r-immunity, disable-ascii-armor, donations, f, metasploitfuzzing, osvdb, Peter Van Eeckhoutte, peter-van-eckhoutte, plagiarism, powershell-printmig-script, print-mig, return-oriented-programming-ascii-armor, ubuntu-disable-ascii-armor, unicef | 1 Comment

Many roads to IAT

Published December 1, 2011 |

By Dinos

A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line.

I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.
Continue reading →

Posted in Malware and Reversing | Tagged corelan, iat, ida, immunity, import address directory, import address table, impre, lordpe, monaida-plugin, ollydbg, python, rebuild iat, reconstruct, resetsearchinindex-ps1, restore, reverse, reverse engineering, reversing, view names, windbg | 4 Comments

WoW64 Egghunter

Published November 18, 2011 |

By Corelan Team (Lincoln)

Traditional Egghunter An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter when there is no more room in our buffer that we can use to initially redirect EIP to. If we are able to load our shellcode elsewhere in process memory, the Egghunter will [...]

Posted in 001_Security, Exploit Writing Tutorials, Uncategorized | Tagged 32bit, 64bit, access violation, dep, egg, egghunter, fs, hunter, int2, interrupt, matt miller, metasploit, nasm, ntaccesscheckandauditalarm, omelet, shellcode, skape, syscall, sysenter, tag, teb, virtualalloc, virtualprotect, w00t, wow64 | Leave a comment

Copyright Dispute resolved

Published November 18, 2011 |

By Corelan Team (corelanc0d3r)

Hello community, friends, visitors, I can now report that the Infosec Institute (ISI) and myself signed a settlement agreement on november 18, 2011. Please find below the official statement announcing the settlement: ISI admits that it used certain of Peter Van Eeckhoutte’s work without his permission, proper attribution of authorship, or proper copyright notice. ISI [...]

Posted in 001_Security, Private | Tagged binary-infosec, christian-defauw, copyright, copyright-dispute, copywright-disputes, corelan-eeckhoutte-isi, corelan-exploit-writing-boot-camp-videos, corelan-exploitation, corelan-infosec-institute, corelan-isi, corelan-team-bootcamp-vedio, dispute, infosec institute, infosec-corelan, pve pop, pve-exchange-attachment-filter-transport-agent, pve-pop-collector, pve-pop3-collector-exchange-2007-anleitung, resolved, settled | 4 Comments

Page 1 of 1912 3 4 5...10...»Last »

Corelan Team

:: Knowledge is not an object, it's a flow ::

Reversing 101 – Solving a protection scheme

BlackHat EU 2012 – Day 3

BlackHat EU 2012 – Day 2

BlackHat EU 2012 – Day 1

Debugging Fun – Putting a process to sleep()

Exploit writing tutorial part 11 : Heap Spraying Demystified

Donations

Many roads to IAT

WoW64 Egghunter

Copyright Dispute resolved

Corelan on IRC

Actions

Corelan Team Merchandise

Corelan Live training

Stay posted

Categories

Recent posts