Page 10 – Corelan | Exploit Development & Vulnerability Research

WATOBO – the unofficial manual

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. I am convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.

How strong is your fu 2 – the report

For anyone interested, this is _sinn3r's and tecr0c's writeup of the steps they took to own 4 out of the 5 machines in last weekend's HSIYF - Hacking for Charity cyber hacking challenge ... Read more

How strong is your fu : Hacking for charity

Last weekend, Offensive Security hosted their second cyber hacking challenge, called "HSIYF For Charity".

The goal of this challenge was to raise money for Johnny Long’s "Hackers for Charity" project, a charity organization that tries to feed Read more

Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube

About 3 months after finishing my previous exploit writing related tutorial, I finally found some time and fresh energy to start writing a new article. In the previous tutorials, I have explained the basics of stack based overflows and how they can lead to arbitrary code execution. I discussed direct RET overflows, SEH based exploits, Unicode and other character restrictions, the use of debugger plugins to speed up exploit development, how to bypass common memory protection mechanisms and how to write your own shellcode. While the first tutorials were really written to learn the basics about exploit development, starting from scratch (targeting people without any knowledge about exploit development) you have most likely discovered that the more recent tutorials continue to build on those basics and require solid knowledge of asm, creative thinking, and some experience with exploit writing in general. Today's tutorial is no different. I will continue to build upon everything we have seen and learned in the previous tutorials. Today I will talk about ROP and how it can be used to bypass DEP (and ASLR)... Read more

Offensive Security Hacking Tournament – How strong was my fu ?

Hi,

Over the last 2 days my friends from Corelan Team and I participated in a Hacking Tournament, organized by Offensive Security. The primary goals of the tournament are :

be the first one to grab “secret” Read more

corelanc0d3r interviewed by Slo-Tech

Introduction: We continue our series of interviews with a slightly »unusual« talk this time: Peter Van Eeckhoutte may be unknown to readers who don’t follow the InfoSec scene on a daily basis. But he is well known to Read more

corelanc0d3r interviewed by CubilFelino Security Research Labs

Hi all,

Just wanted to drop a few words about that fact that I have been interview by chr1x (, the maintainer of CubilFelino Security Research Labs (sectester.net).

You can read the entire interview here : http://chr1x.sectester.net/corelanc0d3r.php

If you Read more

Forum restore

Hi all,

Due to a server crash this afternoon, I had to restore the forum database from this morning. I have been able to recover some posts from this afternoon, but if you posted questions after 10:00 GMT+1, please Read more

Blackhat Europe 2010 Barcelona – Day 10

I got up early this morning, trying to be sharp and well prepared for day 2 of the BlackHat briefings. As some of you may know, I’m not really a morning person, so I usually need some time to Read more

Blackhat Europe 2010 Barcelona – Day 01

As some of you might know, I am currently attending Blackhat Europe (hosted in Barcelona this year). So I wanted to take the opportunity to fill you in on the details of this first day of briefings, and provide Read more

Posts: