Exploits (39)

Mona, tellme - AI-assisted analysis 🧠

With mona v3, debugger automation took a major leap forward. Now, with the new tellme / ai command, mona can collect crash context, heap information, registers, call stacks, disassembly, memory mappings, PoC files, heapdynamics logs, and more, and turn all of it into structured AI-ready analysis requests. Whether you want fully automated API-driven workflows with OpenAI or Anthropic, or prefer manually reviewing and submitting requests yourself, tellme brings modern AI-assisted crash triage and debugger automation directly into WinDBG and WinDBGX. This article dives deep into how it works, how to customize it, and how to build repeatable, reusable AI-assisted exploit analysis workflows on modern Windows targets.

Exploit Writing Tutorial Part 2 - Jumping to shellcode - The Video

The original Corelan exploit writing tutorials helped a generation of security researchers understand how memory corruption really works. Today, we continue that journey with a second video in the series, revisiting Exploit Writing Tutorial Part 2 using a modern Windows 11 x64 lab environment, WinDBG, and mona.py. In this video, we dive into jump code, execution flow redirection, and custom jump techniques that remain essential knowledge for understanding stack-based exploitation and exploit reliability.

Mona v3 Released: ⚡ Faster 🎯 Leaner ⚙️ Broader

Long overdue… but today it finally happened. We’re proud to announce the release of mona v3. This new version brings Python 2 and Python 3 compatibility (Python 3 recommended), support for both 32-bit and 64-bit targets, full integration with WinDBG and WinDBGX, continued compatibility with Immunity Debugger, and the use of the pykd-ext bootstrapper. It also includes a substantial refactor and modernization of the codebase, making it faster, leaner, and better prepared for the future. This post covers what changed, key improvements, important prerequisites, installation and migration guidance, and the current list of supported commands. Continue reading to learn all the details and discover how to get mona v3 up and running in your environment. Download links, setup instructions, and the GitHub repository are provided further down in this post.

Exploit Writing Tutorial Part 1 - The Video

The Corelan tutorials helped shape how exploit development is learned worldwide and inspired generations of security researchers. Now you can watch them come to life.

Windows 10 egghunter (wow64) and more

Introduction

Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn't mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I…
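
The egghunter named in the title, as an added illustration that is not code from the Corelan post: a real egghunter is a few dozen bytes of position-independent shellcode that walks the address space page by page, uses a system call to ask the kernel whether a page is accessible before touching it, and looks for an 8-byte "egg" (a 4-byte tag repeated twice) that marks the start of the larger payload staged elsewhere in memory. The C below models that search loop in user mode over a constructed fake address space, so the page-skipping and double-tag logic can be run and checked; the types `fake_space`, `hunt_egg`, `build_sample`, the "w00t" tag and the page layout are all assumptions of this example, and the wow64/Windows 10 specifics of the post (which syscall to use, how the stub is encoded) are not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NPAGES 3u

/* Constructed stand-in for the process address space: three pages, each
 * either "mapped" (readable) or not. A real hunter has no such table and
 * must ask the kernel per page. */
typedef struct {
    uint8_t mem[PAGE_SIZE * NPAGES];
    int readable[NPAGES];
} fake_space;

/* Models the syscall-based probe: is the page containing this offset readable? */
static int page_readable(const fake_space *s, size_t off)
{
    size_t page = off / PAGE_SIZE;
    return page < NPAGES && s->readable[page];
}

/* Core egghunter logic. Returns the offset just past the 8-byte egg, i.e.
 * where the real hunter would jump, or -1 if no egg was found. */
long hunt_egg(const fake_space *s, const char tag[4])
{
    const size_t len = sizeof s->mem;
    size_t pos = 0;

    while (pos + 8 <= len) {
        /* If the page is not accessible, skip the whole page without reading
         * it: this is what keeps the hunter from crashing on unmapped memory. */
        if (!page_readable(s, pos)) {
            pos = (pos / PAGE_SIZE + 1) * PAGE_SIZE;
            continue;
        }
        /* Simplification: also require the last byte of the egg to sit in a
         * readable page, so the compare never crosses into an unmapped page. */
        if (!page_readable(s, pos + 7)) {
            pos++;
            continue;
        }
        /* The tag must appear twice in a row; a single occurrence (for example
         * the tag bytes inside the hunter itself) is not a hit. */
        if (memcmp(s->mem + pos, tag, 4) == 0 &&
            memcmp(s->mem + pos + 4, tag, 4) == 0)
            return (long)(pos + 8);
        pos++;
    }
    return -1;
}

/* Constructed sample layout (an assumption of this example):
 *   page 0: readable, contains a decoy "w00t" followed by other bytes
 *   page 1: unmapped
 *   page 2: readable, contains the real egg "w00tw00t" at offset 100,
 *           followed by a payload marker of 0xCC bytes */
void build_sample(fake_space *s)
{
    memset(s->mem, 0x41, sizeof s->mem);
    s->readable[0] = 1;
    s->readable[1] = 0;
    s->readable[2] = 1;
    memcpy(s->mem + 50, "w00tXXXX", 8);                 /* decoy, single tag */
    memcpy(s->mem + 2 * PAGE_SIZE + 100, "w00tw00t", 8); /* real egg */
    memset(s->mem + 2 * PAGE_SIZE + 108, 0xCC, 16);      /* "payload" */
}
```

Running `build_sample` and then `hunt_egg(&s, "w00t")` yields 8300 (page 2, offset 108), which is where the payload starts; marking page 2 unmapped makes the search return -1 rather than fault, which is the property the page probe exists to guarantee.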

Analyzing heap objects with mona.py

Introduction

Hi all,

While preparing for my Advanced exploit dev course at Derbycon, I've been playing with heap allocation primitives in IE. One of the things that causes some frustration (or, at least, tends to slow me down during…

On CVE-2014-1770 / ZDI-14-140 : Internet Explorer 8 "0day"

Hi all,

I have received a ton of questions regarding a recently published ZDI advisory, which provides some details about a bug I discovered and reported to Microsoft (via ZDI), affecting Internet Explorer 8. I wanted to take…

Root Cause Analysis – Memory Corruption Vulnerabilities

Introduction

For the past year or so I've spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes. Early on in my research I quickly realized that building fuzzers and generating large quantities…

DEPS - Precise Heap Spray on Firefox and IE10

Introduction

Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions. Looking back at the type of tricks I had to use to…

Heap Layout Visualization with mona.py and WinDBG

Introduction

Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime. We improved stability and performance, updated to pykd.pyd 0.2.0.14…
