Blog > Archive by tag 'assemble'

Posts Tagged ‘assemble’

Exploit notes – win32 eggs-to-omelet

August 22nd, 2010 | Author: Peter Van Eeckhoutte
Viewed 1,007 time(s) | LoadingAdd this post to Your Favorite Posts

In article 8 of my exploit writing series, I have introduced the concept of egg hunters, and explained what an omelet hunter is and how it works. Today, I want to share with you my own eggs-to-omelet implementation, explain how it works, and how you can use it in a standalone exploit or in a metasploit module. In case you missed article 8, I’ll start with a short recap and explain the basic concepts of egg hunters and omelet. At the same time, I would like to mention that you might have to read article 8 first before you will understand this post.  This post is not a full blown tutorial, …

Read more »
Posted in 001_Security, Exploit Writing Tutorials | Tags: , , , , , , , , , , , , , , , | No Comments »

Starting to write Immunity Debugger PyCommands : my cheatsheet

January 26th, 2010 | Author: Peter Van Eeckhoutte
Viewed 2,985 time(s) | LoadingAdd this post to Your Favorite Posts

When I started Win32 exploit development many years ago, my preferred debugger at the time was WinDbg (and some Olly). While Windbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to improve my exploit development experience. Despite the fact that the command line oriented approach in windbg has many advantages, it appeared not the best tool to search for good jump addresses, or to list non-safeseh compiled / non-aslr aware modules, etc….  Ok, looking for a simple “jmp esp” is trivial, but what if you are looking for all pop pop ret combinations in non-safeseh compiled modules…   Not an easy task. It is perfectly possible to build plugins for Windbg, but the ones that I have found (MSEC, byakugan (Metasploit)) don’t always work the way I want them …

Read more »
Posted in 001_Security, Development, Exploit Writing Tutorials, Scripts | Tags: , , , , , , , , , , , , , | 5 Comments »

Meet me at Brucon 2010
Meet me at Brucon 2010 !

Corelan Team Merchandise
You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Peter says:
« All of the info and all tools on this blog are free. Keeping this blog in the air is quite expensive.
So if you like what I do and want to show your respect for my work, please consider donating (use the Donate link above)

There is no way I can keep this site up and running without your help.


»     ...     « If you have enjoyed a certain post or like one of my tools, don't forget to vote/rate it !

»     ...     « If you have questions about certain posts, content or tools published on this website, then please use the forums to post questions. Don't write your questions in the Comments section.

»     ...     « If you want to be the first to know about new posts/tools/tutorials on this blog, then subscribe to the mailinglist. Use the 'Subscribe to updates via email' link below (in the Stay posted section)

»
Your profile
Stay posted
Categories


Terms of Use | Copyright © 2008-2010 Peter Van Eeckhoutte´s Blog. All Rights Reserved.
Your IP address : 38.107.191.114 | 57 queries. 1.593 seconds | www.corelan.be - artemis.corelan.be | Uptime Report