Search Results for:

Case Study: SolarWinds Orion (video)

Special Thanks: To my wife for putting up with my crap. Also SolarWinds for keeping an open communication while fixing the issue. And of course… Corelan Team :P Audio: Many thanks to DJ Great Scott for supplying me with the music. Definitely check out some of his work! http://soundcloud.com/greatscott http://glitch.fm/ Music in Video: Defcon (Samples […]

Malicious pdf analysis : from price.zip to flashplayer.exe

This morning, my generic attachment filter for MS Exchange reported that about 100 emails were put in quarantine because they contained a small zip file.
When looking inside the zip file, I found a small pdf file… I immediately figured this file was up to no good, so it was time to get my hands dirty :)
Continue reading

Offensive Security Exploit Weekend

Introduction I’m excited and honored to be able to announce that Sud0, one of our Corelan Team members, has won the Offensive Security Exploit weekend, an exploiting exercise only available to Offensive Security certified alumni. The challenge was built around a vulnerability in Foxit Reader.  Each participant was pointed to a Proof of Concept exploit, […]

Metasploit module : HTTP Form field fuzzer

Introduction About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks. This new module can be used to audit web servers/web server plugins/components/filters, by fuzzing form fields and optionally fuzz some header fields. While this […]

HaXx.Me #3 – Corelan Team documentation

Last week (oct 17 2010), Lincoln (one of the Corelan Team members) informed the other team members about an ongoing hacking challenge (HaXx.Me #03) organized and hosted by MaXe (@intern0t). When I saw his message, it was already Sunday night and I knew I had to get up early the next day. Nevertheless I chose […]

In Memory Fuzzing

Introduction In memory fuzzing is a technique that allows the analyst to bypass parsers; network-related limitations such as max connections, buit-in IDS or flooding protection; encrypted or unknown (poorly documented) protocol in order to fuzz the actual underlying assembly routines that are potentially vulnerable. Prior to the development of my fuzzing toolset, I was unsatisfied […]

Corelan official IRC channel online (freenode)

#corelan Some of you may have already noticed … Corelan team decided to open an official channel on IRC (freenode).  About 24 hours ago, the channel went live and we have had the pleasure to greeting about 50 users in the channel since that time.  That’s great ! As a lot of people mentioned in […]

Death of an ftp client / Birth of Metasploit modules

Over the past few weeks, Corelan Team has given its undivided attention to fuzzing ftp client applications.

Using a custom built ftp client fuzzer, now part of the Metasploit framework, the team has audited several ftp clients and applications that use an embedded client ftp component. One example of such an application is a tool that would synchronize / backup data from a computer to a remote ftp server.

The 3 main audit/attack vectors that were used during the “project” were

send back overly long responses to ftp commands / requests sent by the ftp client to the server
send back a file/directory listing that contains overly long file/folder names
try to download a file that has an overly long filename.
Continue reading

BruCON 2010 : Day 0x2

[WORKSHOP] – Malicious PDF Analysis I started the second day at BruCON with attending the workshop about analyzing malicious pdf files. Didier Stevens spared no expense and prepared an impressive lab, offering all sorts of pdf exercise files.  Trying to squeeze in weeks and months of research into a 2 hour workshop, he managed to […]

BruCON 2010 : Day 0x1

After hearing a lot of great things about the first edition of BruCON (in 2009), I decided to attend the con this year.  The fact that BruCON is gaining popularity and established a lot of recognition in the industry already, combined with the fact that it takes place in Brussels, Belgium (my home country), it […]

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace
  • Categories