Needles in heaps, allocator primitives, posts, tutorials, papers, research notes ...

Your search for

resolved the following candidate gadgets:

Corelan Team

About the Corelan Team

Founded in 2009 by Peter Van Eeckhoutte, Corelan Team was a group of IT Security researchers/enthusiasts/professionals/hobbyists who shared the same interests, mainly focused on 3 things: Research: The team enjoyed working together to perform ...

Debugging - WinDBG(X) Automation & Scripting - Part 1

Stop just using WinDBG—start bending it to your will. Discover powerful automation, event-driven breakpoints, MASM & C++ expression evaluator, scripting, and PyKD techniques to level up your exploit development and crash analysis.

Windows 10 egghunter (wow64) and more

Introduction

Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn't mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I ...

How to become a pentester

Intro

I receive a lot of emails. (Please don't make it worse, thanks!) Unfortunately I don't have as much spare time as I used to, or would like to, so I often have no other choice than ...

Corelan Team reply to false allegation made by Kaspersky

Hi,

A few moments ago, I was informed about an article on www.securelist.com and the fact that Corelan Team was mentioned in that post. Apparently a researcher at Kaspersky Labs found a piece of text ("You have been owned ...

DEPS - Precise Heap Spray on Firefox and IE10

Introduction

Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions. Looking back at the type of tricks I had to use to ...

Many roads to IAT

A few days ago a friend approached me and asked how he could see the import address table under Immunity Debugger and if this could be done using the command line. I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.

WoW64 Egghunter

Traditional Egghunter

An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter when there is no more room in our buffer that we can use to initially redirect EIP ...