Peter Van Eeckhoutte (corelanc0d3r)
Black Hat Europe 2013 – Preview
Hola dear friends, There’s only a few days left until Black Hat Europe 2013 opens its doors in the beautiful city of Amsterdam, the Netherlands. Just like past years, I’ll be covering some of the briefings (semi) live on www.corelan.be. I’ve you’re a speaker – I’ll be the dude in the front row, typing […]
DEPS – Precise Heap Spray on Firefox and IE10
Introduction Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions. Looking back at the type of tricks I had to use to make a precise spray work under Firefox 9 and IE 9, and realizing that these changes […]
Heap Layout Visualization with mona.py and WinDBG
Introduction Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime. We improved stability and performance, updated to pykd.pyd 0.2.0.14 and ported a few additional immlib methods to windbglib. I figured this would be a good […]
Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!
Ho Ho Ho friends, It has been a while since we posted something on the Corelan Team blog, I guess we all have been busy doing … stuff and things, here and there. Nevertheless, as the year is close to filling up 100%, it’s probably a good time to start thinking about finding some convincing […]
Happy New Year – here’s my special gift to you, corelanc0d3r
I’m not going to spend a lot of words on this. Facts speak for themselves. A short while ago, I discovered this: http://www.hackforums.net/showthread.php?tid=3031925 (you need to register to get access to the thread). Screenshot : idle-hands profile : Reputation I registered a useraccount “corelanc0d3r” and used the “Report” button, but for some reason my user […]
Corelan T-Shirt contest – Derbycon 2012
If you didn’t register your ticket for the Corelan Live Exploit Development training at Derbycon 2012, then there is bad news for you… We’re sold out. Not all is lost though. For the second year in a row, Corelan Team is giving away one free ticket to the Corelan Live training at Derbycon 2012, which […]
HITB2012AMS Day 2 – Ghost in the Allocator
Ghost in the Allocator – Abusing the Windows 7 / 8 Low Fragmentation Heap After introducing himself, Steven Seeley, Senior Penetration Tester and Security Researcher at Stratsec starts his presentation by sharing the talk agenda: Why target the heap manager Heap terms Some Windows 7 theory WIndows 7 exploitation Changes introduced in Windows 8 Heap Windows […]
HITB2012AMS Day 2 – Attacking XML Processing
Attacking XML Processing Dressed in a classy Corelan Team T-Shirt, Nicolas Grégoire kicks off his presentation by introducing himself. Nicolas has been asked by a customer to audit some XML-DSig applications 18 months ago and found a number of bugs. This triggered him to do more research on this topic. This technology is present in […]
HITB2012AMS Day 2 – Taint Analysis
Automatically Searching for Vulnerabilities: How to use Taint Analysis to find Security Flaws (by Alex Bazhanyuk (not present) and Nikita Tarakanov, Reverse Engineers, CISS) Nikita explains they have been working on reversing binaries and auditing source code for a long time. Alex currently works on the BitBlaze work, and moved to the US to […]
HITB2012AMS Day 2 – PostScript – Danger Ahead
Good morning everyone, welcome back at Hack In The Box 2012 Amsterdam ! Before looking at the first talk that I attended today, I would like to mention that you can find copies of the talks and materials on the hitb.org website. Files are made available right after a talk or lab finishes, you […]
Donate
Your donation will help funding server hosting.
