DLL Hijacking (KB 2269637) – the unofficial list
Viewed 16,302 time(s)
This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself. If you have found other applications to be vulnerable and want to add them to the list, send me a mail. Please note that I will not list instances where you have to replace a dll in the application folders. I do …
Exploit notes – win32 eggs-to-omelet
Viewed 1,007 time(s)
In article 8 of my exploit writing series, I have introduced the concept of egg hunters, and explained what an omelet hunter is and how it works. Today, I want to share with you my own eggs-to-omelet implementation, explain how it works, and how you can use it in a standalone exploit or in a metasploit module. In case you missed article 8, I’ll start with a short recap and explain the basic concepts of egg hunters and omelet. At the …
Cisco VoIP Phones – A Hackers Perspective
Viewed 743 time(s)
Introduction In the world of VoIP phones, each person may look at them differently. For some, an annoyance that sit on their desk, or maybe for some it is simply a part of their job either deploying them or as a help desk position taking phone calls all day. This could even go as far as some people that just use them on a daily basis at home or in a lobby. But what about in a professional Penetration Tester’s mind? What kind …
WATOBO – the unofficial manual
Viewed 1,031 time(s)
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. I am convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities. WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only. It works like a local proxy, similar to Webscarab, Paros or BurpSuite Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions. They …
How strong is your fu 2 – the report
Viewed 1,186 time(s) For anyone interested, this is _sinn3r’s and tecr0c’s writeup of the steps they took to own 4 out of the 5 machines in last weekend’s HSIYF – Hacking for Charity cyber hacking challenge …
How strong is your fu : Hacking for charity
Viewed 668 time(s)
Last weekend, Offensive Security hosted their second cyber hacking challenge, called "HSIYF For Charity". The goal of this challenge was to raise money for Johnny Long’s "Hackers for Charity" project, a charity organization that tries to feed children, build computer labs etc in East Africa. Each challenger had to donate $49 to be able to participate in the challenge. That money will be transferred/donated to HFC. Unfortunately, I could not participate myself this time, but I still had …
Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube
Viewed 6,054 time(s) About 3 months after finishing my previous exploit writing related tutorial, I finally found some time and fresh energy to start writing a new article.
In the previous tutorials, I have explained the basics of stack based overflows and how they can lead to arbitrary code execution. I discussed direct RET overflows, SEH based exploits, Unicode and other character restrictions, the use of debugger plugins to speed up exploit development, how to bypass common memory protection mechanisms and how to write your own shellcode.
While the first tutorials were really written to learn the basics about exploit development, starting from scratch (targeting people without any knowledge about exploit development) you have …

