Intro

I receive a lot of emails.  (Please don’t make it worse, thanks!)   Unfortunately I don’t have as much spare time as I used to, or would like to, so I often have no other choice than Read more

Table of Contents

• Introduction
• Discounts (in alphabetical order):
  • Hak5
  • Hex-Rays
  • Malformity Labs
  • Netsparker
  • No Starch Press
  • Paterva
  • Rapid7
  • SANS
  • Security Roots
  • Syngress
  • Your name here ?

Table of Contents

• Introduction
• Discounts (in alphabetical order):
  • Hak5
  • Hex-Rays
  • Malformity Labs
  • Netsparker
  • Read more

Hi,

A few moments ago, I was informed about an article on www.securelist.com and the fact that Corelan Team was mentioned in that post.  Apparently a researcher at Kaspersky Labs found a piece of text ("You have been owned Read more

Table of Contents

• Foreword
• Introduction
• Analyzing the Crash Data
• Identifying the Cause of Exception
  • Page heap
  • Initial analysis
• Reversing the Faulty Function
• Determining Exploitability
  • Challenges
  • Prerequisites
  • Heap Basics
    • Lookaside Lists
    • Freelists
  • Preventative Security Measures
    • Safe-Unlinking
    • Heap Cookies
  • Application Specific Read more

A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line. I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT. Read more

Traditional Egghunter

An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter when there is no more room in our buffer that we can use to initially redirect EIP Read more

On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled "30 exploits, $5000 in 5 weeks", a post on the Rapid7 blog lists the 30 "bounties" selected by the MSF team, waiting for someone to claim and submit a working exploit module. Read more

This document describes the various commands, functionality and behaviour of mona.py. Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona. Read more

Introduction

I think we all agree that bypassing DEP (and ASLR) is no longer a luxury today. As operating systems (such as Windows 7) continue to gain popularity, exploit developers are forced to deal with increasingly more memory protection Read more

Yesterday, sickn3ss (one of the frequent visitors of the #corelan channel on freenode IRC) posted a really interesting question.

The question

While testing ROP gadgets, as part of the process of building a DEP bypass exploit for WM Downloader, Read more