Page 10 of 24« First...89101112...20...Last »

How strong is your fu 2 – the report

For anyone interested, this is _sinn3r’s and tecr0c’s writeup of the steps they took to own 4 out of the 5 machines in last weekend’s HSIYF – Hacking for Charity cyber hacking challenge …
Continue reading

How strong is your fu : Hacking for charity

Last weekend, Offensive Security hosted their second cyber hacking challenge, called “HSIYF For Charity”. The goal of this challenge was to raise money for Johnny Long’s “Hackers for Charity” project, a charity organization that tries to feed children, build computer labs etc in East Africa. Each challenger had to donate $49 to be able to […]

Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube

About 3 months after finishing my previous exploit writing related tutorial, I finally found some time and fresh energy to start writing a new article.
In the previous tutorials, I have explained the basics of stack based overflows and how they can lead to arbitrary code execution. I discussed direct RET overflows, SEH based exploits, Unicode and other character restrictions, the use of debugger plugins to speed up exploit development, how to bypass common memory protection mechanisms and how to write your own shellcode.
While the first tutorials were really written to learn the basics about exploit development, starting from scratch (targeting people without any knowledge about exploit development) you have most likely discovered that the more recent tutorials continue to build on those basics and require solid knowledge of asm, creative thinking, and some experience with exploit writing in general.
Today’s tutorial is no different. I will continue to build upon everything we have seen and learned in the previous tutorials. Today I will talk about ROP and how it can be used to bypass DEP (and ASLR)…
Continue reading

Offensive Security Hacking Tournament – How strong was my fu ?

Hi, Over the last 2 days my friends from Corelan Team and I participated in a Hacking Tournament, organized by Offensive Security.  The primary goals of the tournament are : be the first one to grab “secret” information from a machine and post it to the Tournament Control Panel. document your findings and submit them […]

corelanc0d3r interviewed by Slo-Tech

Introduction: We continue our series of interviews with a slightly »unusual« talk this time: Peter Van Eeckhoutte may be unknown to readers who don’t follow the InfoSec scene on a daily basis. But he is well known to the international security community and his name is climbing fast on the list of top security researchers. He’s […]

corelanc0d3r interviewed by CubilFelino Security Research Labs

Hi all, Just wanted to drop a few words about that fact that I have been interview by chr1x (, the maintainer of CubilFelino Security Research Labs (sectester.net). You can read the entire interview here : http://chr1x.sectester.net/corelanc0d3r.php If you have any questions, want to share your thoughts or comments, please use the comments form at […]

Forum restore

Hi all, Due to a server crash this afternoon, I had to restore the forum database from this morning. I have been able to recover some posts from this afternoon, but if you posted questions after 10:00 GMT+1, please check if your posts are still there… If not, please post them again I apologize for […]

Blackhat Europe 2010 Barcelona – Day 10

I got up early this morning, trying to be sharp and well prepared for day 2 of the BlackHat briefings. As some of you may know, I’m not really a morning person, so I usually need some time to wake up and wait until all components in my body start functioning again. After one day […]

Blackhat Europe 2010 Barcelona – Day 01

As some of you might know, I am currently attending Blackhat Europe (hosted in Barcelona this year). So I wanted to take the opportunity to fill you in on the details of this first day of briefings, and provide you with a short overview of the presentations I have attended today. I am most certainly […]

Exploiting Ken Ward Zipper : Taking advantage of payload conversion

In the article I wrote on the abysssec.com website, I explained the steps and techniques needed to build a working exploit for Ken Ward’s zipper. One of the main difficulties I had to overcome when building the exploit, was the character set limitation. I basically could only use a subset of the ascii characters (only […]

Page 10 of 24« First...89101112...20...Last »

Corelan Live training

Since 2011, Corelan GCV has been teaching live win32 exploit dev classes at various security cons and private companies & organizations.

You can read more about the training and schedules here

Demand Global Change

The world needs your help !

Please take a few moments to read the "Demand Global Change Call For Action" document at
http://bit.ly/demandglobalchange
Read the full document at
http://bit.ly/demandglobalchange_full and share the message with as many people as possible.

Like the Facebook page, and SHARE it with everyone you know.



Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Protected by Copyscape Web Plagiarism Tool

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Corelan on IRC

You can chat with us and our friends on #corelan (freenode IRC)

Categories