About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks.
This new module can be used to audit Read more
Last week (oct 17 2010), Lincoln (one of the Corelan Team members) informed the other team members about an ongoing hacking challenge (HaXx.Me #03) organized and hosted by MaXe (@intern0t).
When I saw his message, it was already Sunday Read more
In memory fuzzing is a technique that allows the analyst to bypass parsers; network-related limitations such as max connections, buit-in IDS or flooding protection; encrypted or unknown (poorly documented) protocol in order to fuzz the actual underlying assembly Read more
Some of you may have already noticed … Corelan team decided to open an official channel on IRC (freenode). About 24 hours ago, the channel went live and we have had the pleasure to greeting about 50 users Read more
I started the second day at BruCON with attending the workshop about analyzing malicious pdf files.
Didier Stevens spared no expense and prepared an impressive lab, offering all sorts of pdf exercise files. Read more
After hearing a lot of great things about the first edition of BruCON (in 2009), I decided to attend the con this year. The fact that BruCON is gaining popularity and established a lot of recognition in the industry Read more
This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself.
If you Read more
In article 8 of my exploit writing series, I have introduced the concept of egg hunters, and explained what an omelet hunter is and how it works.
Today, I want to share with you my own eggs-to-omelet implementation, explain Read more
