Needles in heaps, allocator primitives, posts, tutorials, papers, research notes ...

Your search for

resolved the following candidate gadgets:

Exploiting Ken Ward Zipper : Taking advantage of payload conversion

corelanc0d3r March 27, 2010

In the article I wrote on the abysssec.com website, I explained the steps and techniques needed to build a working exploit for Ken Ward’s zipper.

One of the main difficulties I had to overcome when building the exploit, was Read more

Exploit writing tutorial part 9 : Introduction to Win32 shellcoding

corelanc0d3r February 25, 2010

Over the last couple of months, I have written a set of tutorials about building exploits that target the Windows stack. One of the primary goals of anyone writing an exploit is to modify the normal execution flow of Read more

Exploit writing tutorial part 8 : Win32 Egg Hunting

corelanc0d3r January 9, 2010

Introduction

Easter is still far away, so this is probably the right time to talk about ways to hunting for eggs (so you would be prepared when the easter bunny brings you another 0day vulnerability)

In the first parts Read more

Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

corelanc0d3r September 21, 2009

Introduction

In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server.

The success of all of these exploits (whether they are based on direct Read more

Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development

corelanc0d3r September 5, 2009

In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins Read more

Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics

corelanc0d3r August 12, 2009

In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take Read more

Exploit writing tutorial part 3b : SEH Based Exploits – just another example

corelanc0d3r July 28, 2009

In the previous tutorial post, I have explained the basics of SEH based exploits. I have mentioned that in the most simple case of an SEH based exploit, the payload is structured like this :

[Junk][next SEH][SEH][Shellcode]

I Read more

Exploit writing tutorial part 3 : SEH Based Exploits

corelanc0d3r July 25, 2009

In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode.  The Read more

Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode

corelanc0d3r July 23, 2009

Where do you want to jmp today ?

In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a Read more

About

corelanc0d3r March 16, 2026
About me Hi, My name is Peter Van Eeckhoutte. You may know me as corelanc0d3r or as the "Corelan" guy. I was born in 1975 and spent my childhood in a small town called Vichte, Belgium.14 years later, I Read more