Traditional Egghunter An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter when there is no more room in our buffer that we can use to initially redirect EIP to. If we are able to load our shellcode elsewhere in process … Continue reading
This document describes the various commands, functionality and behaviour of mona.py.
Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues, offering numerous improvements and introducing tons of new features. pvefindaddr will … Continue reading
Introduction Over the last few weeks, there has been some commotion about a universal DEP/ASLR bypass routine using ROP gadgets from msvcr71.dll and the fact that it might have been copied into an exploit submitted to Metasploit as part of the Metasploit bounty. For the record, I don't know … Continue reading
FINALLY ! After spending almost 5 months of designing, developing and testing, and after 'surviving' 2 presentations (at AthCon and Hack In Paris), I am extremely excited and proud to present, on behalf of the entire Corelan Team, the general availability of mona.py. Together with this … Continue reading
Introduction I think we all agree that bypassing DEP (and ASLR) is no longer a luxury today. As operating systems (such as Windows 7) continue to gain popularity, exploit developers are forced to deal with increasingly more memory protection mechanisms, including DEP and ASLR. From a defense … Continue reading