Peter Van Eeckhoutte (corelanc0d3r)
HITB2014AMS – Day 1 – State of the ART: Exploring the New Android KitKat Runtime
Good afternoon and welcome back to Hack In the Box. I can’t think of anything better than a talk on ART, the new Android KitKat Runtime, to digest lunch :) Intro ART was introduced in Android 4.4 back in October 2013 and although it is still in an experimental stage, it’s poised to replace Dalvik […]
HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing
Vulnerability Hunting Active security testing, Fabien explains, is the process of generating input which travel in the application, hit a sink and violate a property. It applies to all kinds of vulnerabilities, not just limited to buffer overflows or memory corruption bugs. Blackbox and whitebox/greybox testing (both static and dynamic) are ways to perform […]
HITB2014AMS – Day 1 – Keynote 2: Building a Strategic Defense Against the Global Threat Landscape
Kristin starts her keynote by explaining that she has been in the business about 22 years ago and used to be in public services. A long time ago, she married a husband who was in the military and ran a program for spouses to meet/connect while their husbands were deployed. During one of the meetings, […]
HITB2014AMS – Day 1 – Keynote 1: Security at the End of the Universe
Good morning friends, welcome to Hack In The Box 2014, hosted at “De Beurs van Berlage” in the beautiful city of Amsterdam. This year’s edition starts with a keynote by Katie Moussouris, previous lead at Microsoft Security Response Center (MSRC) and now the brand new Chief Policy Officer at HackerOne. Katie starts the keynote by […]
HITB2014AMS – Hack In The Box / Haxpo 2014 Amsterdam
Dear friends, I’m getting ready for a short trip to Amsterdam, to attend the 5th Hack In The Box conference tomorrow … and I’m “hashtag” excited about it. HITB Haxpo and HITB2014AMS feature and amazing schedule of talks, an impressive selection of speakers and offers numerous side-events and I really can’t think of a better place […]
On CVE-2014-1770 / ZDI-14-140 : Internet Explorer 8 "0day"
Hi all, I have received a ton of questions regarding a recently published ZDI advisory, which provides some details about a bug I discovered and reported to Microsoft (via ZDI), affecting Internet Explorer 8. I wanted to take a few moments to clarify some of the confusion and answer some of the questions in this […]
Happy 5th Birthday Corelan Team
Table of ContentsIntroductionDiscounts (in alphabetical order):Hak5Hex-RaysMalformity LabsNetsparkerNo Starch PressPatervaRapid7SANSSecurity RootsSyngressYour name here ? Introduction Corelan Team was founded in September of 2009. Over the last few years, the team has written and published numerous tutorials on exploit development. We have created a series of tools and scripts, and worked with vendors/developers across the globe to […]
Corelan Team reply to false allegation made by Kaspersky
Hi, A few moments ago, I was informed about an article on www.securelist.com and the fact that Corelan Team was mentioned in that post. Apparently a researcher at Kaspersky Labs found a piece of text (“You have been owned by CorelanX”) inside a malware sample and concluded that, due to the mere presence of that […]
Metasploit Meterpreter and NAT
Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking “naked” is considered to be the easiest way to perform a penetration test that involves getting shells back. Not everyone has the […]
A chain is only as strong as its weakest link – DNS Hijack Monitoring
It doesn’t really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced. Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business. Instead of […]
Donate
Your donation will help funding server hosting.
