Exploit Writing Tutorials (41)

Introduction

For the past year or so I've spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes.  Early on in my research I quickly realized that building fuzzers and generating large quantities Read more

Table of Contents

• Foreword
• Introduction
• Analyzing the Crash Data
• Identifying the Cause of Exception
  • Page heap
  • Initial analysis
• Reversing the Faulty Function
• Determining Exploitability
  • Challenges
  • Prerequisites
  • Heap Basics
    • Lookaside Lists
    • Freelists
  • Preventative Security Measures
    • Safe-Unlinking
    • Heap Cookies
  • Application Specific Read more

Introduction

Hi all,

While preparing for my Advanced exploit dev course at Derbycon, I've been playing with heap allocation primitives in IE.  One of the things that causes some frustration (or, at least, tends to slow me down during Read more

Introduction

Hi all,

Over the course of the past few weeks ago, I received a number of "emergency" calls from some relatives, asking me to look at their computer because "things were broken", "things looked different" and "I think Read more

Introduction

Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn't mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I Read more

Table of Contents

• Introduction
• Why WinDBG?
  • Symbols?
• Installing WinDBG Classic and WinDBGX
  • Why do we need both?
  • Scripted/automated installation
  • Manual Installation
    • Classic WinDBG
    • WinDBGX
  • Microsoft Symbol Server
  • Verify if both versions work
• Connecting to a process
  • Open executable vs Read more

The Corelan tutorials helped shape how exploit development is learned worldwide and inspired generations of security researchers. Now you can watch them come to life. Read more

Stop just using WinDBG—start bending it to your will. Discover powerful automation, event-driven breakpoints, MASM & C++ expression evaluator, scripting, and PyKD techniques to level up your exploit development and crash analysis. Read more

Long overdue… but today it finally happened. We’re proud to announce the release of mona v3. This new version brings Python 2 and Python 3 compatibility (Python 3 recommended), support for both 32-bit and 64-bit targets, full integration with WinDBG and WinDBGX, continued compatibility with Immunity Debugger, and the use of the pykd-ext bootstrapper. It also includes a substantial refactor and modernization of the codebase, making it faster, leaner, and better prepared for the future. This post covers what changed, key improvements, important prerequisites, installation and migration guidance, and the current list of supported commands. Continue reading to learn all the details and discover how to get mona v3 up and running in your environment. Download links, setup instructions, and the GitHub repository are provided further down in this post. Read more

The original Corelan exploit writing tutorials helped a generation of security researchers understand how memory corruption really works. Today, we continue that journey with a second video in the series — revisiting Exploit Writing Tutorial Part 2 using a modern Windows 11 x64 lab environment, WinDBG, and mona.py. In this video, we dive into jump code, execution flow redirection, and custom jump techniques that remain essential knowledge for understanding stack-based exploitation and exploit reliability. Read more