Needles in heaps, allocator primitives, posts, tutorials, papers, research notes ...

Your search for

resolved the following candidate gadgets:

mona.py - the manual

corelanc0d3r July 14, 2011
This document describes the various commands, functionality and behaviour of mona.py. Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona. Read more

Hack Notes : Ropping eggs for breakfast

corelanc0d3r May 12, 2011

Introduction

I think we all agree that bypassing DEP (and ASLR) is no longer a luxury today. As operating systems (such as Windows 7) continue to gain popularity, exploit developers are forced to deal with increasingly more memory protection Read more

Hack Notes : ROP retn+offset and impact on stack setup

corelanc0d3r January 30, 2011

Yesterday, sickn3ss (one of the frequent visitors of the #corelan channel on freenode IRC) posted a really interesting question.

The question

While testing ROP gadgets, as part of the process of building a DEP bypass exploit for WM Downloader, Read more

Death of an ftp client / Birth of Metasploit modules

corelanc0d3r October 12, 2010
Over the past few weeks, Corelan Team has given its undivided attention to fuzzing ftp client applications. Using a custom built ftp client fuzzer, now part of the Metasploit framework, the team has audited several ftp clients and applications that use an embedded client ftp component. One example of such an application is a tool that would synchronize / backup data from a computer to a remote ftp server. The 3 main audit/attack vectors that were used during the "project" were send back overly long responses to ftp commands / requests sent by the ftp client to the server send back a file/directory listing that contains overly long file/folder names try to download a file that has an overly long filename. Read more

QuickZip Stack BOF 0day: a box of chocolates

corelanc0d3r March 27, 2010

Over the last couple of weeks, ever since I published 2 articles on the Offensive Blog, I have received many requests from people asking me if they could get a copy of those articles in pdf format.  My blog Read more

Backtrack 4 cheat sheet

corelanc0d3r July 4, 2009

Download backtrack from http://www.remote-exploit.org/backtrack_download.html. Current version at the time of writing is BT4 Pre-Final.This document is based on BT4 pre-final. Ergo, some of the instructions below may not work with other versions of BT.

FYI : An excellent guide Read more