Last weekend, Offensive Security hosted their second cyber hacking challenge, called “HSIYF For Charity”. The goal of this challenge was to raise money for Johnny Long’s† “Hackers for Charity” project, a charity organization that tries to feed children, build computer labs etc in East Africa.† Each challenger had to donate $49 to be able to […]
About 3 months after finishing my previous exploit writing related tutorial, I finally found some time and fresh energy to start writing a new article.
In the previous tutorials, I have explained the basics of stack based overflows and how they can lead to arbitrary code execution. I discussed direct RET overflows, SEH based exploits, Unicode and other character restrictions, the use of debugger plugins to speed up exploit development, how to bypass common memory protection mechanisms and how to write your own shellcode.
While the first tutorials were really written to learn the basics about exploit development, starting from scratch (targeting people without any knowledge about exploit development) you have most likely discovered that the more recent tutorials continue to build on those basics and require solid knowledge of asm, creative thinking, and some experience with exploit writing in general.
Today’s tutorial is no different. I will continue to build upon everything we have seen and learned in the previous tutorials. Today I will talk about ROP and how it can be used to bypass DEP (and ASLR)…
Hi, Over the last 2 days my friends from Corelan Team and I participated in a Hacking Tournament, organized by Offensive Security.¬† The primary goals of the tournament are : be the first one to grab “secret” information from a machine and post it to the Tournament Control Panel. document your findings and submit them […]
Introduction: We continue our series of interviews with a slightly ¬Ľunusual¬ę talk this time:¬†Peter Van Eeckhoutte may be unknown to readers who don’t follow the InfoSec scene on a daily basis. But he is well known to the international security community and his name is climbing fast on the list of top security researchers. He’s […]
Hi all, Just wanted to drop a few words about that fact that I have been interview by chr1x (, the maintainer of CubilFelino Security Research Labs (sectester.net). You can read the entire interview here : http://chr1x.sectester.net/corelanc0d3r.php If you have any questions, want to share your thoughts or comments, please use the comments form at […]
Hi all, Due to a server crash this afternoon, I had to restore the forum database from this morning. I have been able to recover some posts from this afternoon, but if you posted questions after 10:00 GMT+1, please check if your posts are still there… If not, please post them again I apologize for […]
I got up early this morning, trying to be sharp and well prepared for day 2 of the BlackHat briefings.† As some of you may know, I’m not really a morning person, so I usually need some time to wake up and wait until all components in my body start functioning again. After one day […]
In the article I wrote on the abysssec.com website, I explained the steps and techniques needed to build a working exploit for Ken Ward’s zipper. One of the main difficulties I had to overcome when building the exploit, was the character set limitation.† I basically could only use a subset of the ascii characters (only […]