About the Corelan Team Founded in 2009 by Peter Van Eeckhoutte, Corelan Team was a group of IT Security researchers/enthusiasts/professionals/hobbyists who shared the same interests, mainly focused on 3 things : Research : The team enjoyed working together to perform Read more

Introduction

Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn't mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I Read more

Intro

I receive a lot of emails.  (Please don't make it worse, thanks!)   Unfortunately I don't have as much spare time as I used to, or would like to, so I often have no other choice than Read more

Table of Contents

• Introduction
• Discounts (in alphabetical order):
  • Hak5
  • Hex-Rays
  • Malformity Labs
  • Netsparker
  • No Starch Press
  • Paterva
  • Rapid7
  • SANS
  • Security Roots
  • Syngress
  • Your name here ?

Table of Contents

• Introduction
• Discounts (in alphabetical order):
  • Hak5
  • Hex-Rays
  • Malformity Labs
  • Netsparker
  • Read more

Table of Contents

• Foreword
• Introduction
• Analyzing the Crash Data
• Identifying the Cause of Exception
  • Page heap
  • Initial analysis
• Reversing the Faulty Function
• Determining Exploitability
  • Challenges
  • Prerequisites
  • Heap Basics
    • Lookaside Lists
    • Freelists
  • Preventative Security Measures
    • Safe-Unlinking
    • Heap Cookies
  • Application Specific Read more

Introduction

Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions.  Looking back at the type of tricks I had to use to Read more

A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line. I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT. Read more

Traditional Egghunter

An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter when there is no more room in our buffer that we can use to initially redirect EIP Read more

On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled "30 exploits, $5000 in 5 weeks", a post on the Rapid7 blog lists the 30 "bounties" selected by the MSF team, waiting for someone to claim and submit a working exploit module. Read more

This document describes the various commands, functionality and behaviour of mona.py. Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona. Read more