find ad user | Corelan Cybersecurity Research - Part 4Corelan Cybersecurity Research

Search Results for: find ad user

HITB2014AMS – Day 1 – State of the ART: Exploring the New Android KitKat Runtime

Published May 29, 2014 |

Good afternoon and welcome back to Hack In the Box. I can’t think of anything better than a talk on ART, the new Android KitKat Runtime, to digest lunch :) Intro ART was introduced in Android 4.4 back in October 2013 and although it is still in an experimental stage, it’s poised to replace Dalvik […]

Posted in Cons and Seminars | Tagged ahead of time compilation, Android, android-art-runtime-reversing, ART, art-elf-files-android, boot.oat, bytecode, corelan-exploiting-android, cydia-substrate-for-android-art-runtime, Dalvik, dex2oat, gdb, hitb2014ams, KitKat, kitkat-root-exploit-apk, llvm, oatdump, Paul Sabanal, Runtine, zygote

Metasploit Meterpreter and NAT

Published January 4, 2014 |

By Peter Van Eeckhoutte (corelanc0d3r)

Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking “naked” is considered to be the easiest way to perform a penetration test that involves getting shells back. Not everyone has the […]

Posted in Metasploit, Pentesting | Tagged how-to-hack-nat-metasploit, how-to-use-metasploit-over-internet, httpswww-corelan-beindex-php20140104metasploit-meterpreter-and-nat, kali-metasploit-bind-with-pdf, metasploit, metasploit-behind-nat, metasploit-exploits-xp-sp3, metasploit-over-the-internet-kali, metasploit-targets-my-router, meterpreter, meterpreter-workings, nat, pentesting, port forwarding, reverse connection, reverse nat, reverse_http, reverse_https, reverse_tcp, value-of-lhost-in-metasploit-from-behind-firewall

A chain is only as strong as its weakest link – DNS Hijack Monitoring

Published December 29, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

It doesn’t really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced. Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business. Instead of […]

Posted in My Free Tools, Networking, Scripts | Tagged a-chain-is-only-as-strong-as, a-chain-is-only-as-strong-as-the-weakest-link, backtrack-wpa2, changes, corelan, deface, dns, DNS Hijack, dns-hacking, dns-hijacking-in-lan, dnshjmon, ha9-is-only-the-strongest-as-its-weakest-link, hacker, monitor, public dns, record, registrar, report, resolution, teamstrong-and-weakest

Zabbix SQL Injection/RCE – CVE-2013-5743

Published October 4, 2013 |

By Corelan Team (Lincoln)

Table of ContentsIntroductionDisclosure Timeline:Vendor DetailsVulnerability DetailsThe patch Leveraging SQL InjectionCool! We got Admin, now what?Code Execution Further Exploitation? Introduction First off, please do not throw a tomato at me since this is not the typical Windows binary exploit article that is posted on Corelan! During a recent a penetration test, I encountered a host running Zabbix, an […]

Posted in Pentesting, SQL Injection, Web Application Security | Tagged 3, 5743, 5743-views, burp, corelan-be-zabbix-2-0-8, cve-2013-5743, exploit-sql-injection-2013, facebook-sql-injection-2013, got-a-deauthentication, metasploit, pentest, putting-injuction-in-bobs-video-for-free-download, putting-injuction-on-bobs-video-for-download, python-sql-injection-pastebin, single-url-sqli-scanner-php-pastebin, sql injection, web application, zabbix, zabbix-2-0-8-code-execution, zabbix-sql-injector-gratis-download

Root Cause Analysis – Integer Overflows

Published July 2, 2013 |

By Corelan Team (Jason Kratzer)

Table of ContentsForewordIntroductionAnalyzing the Crash DataIdentifying the Cause of ExceptionPage heapInitial analysisReversing the Faulty FunctionDetermining ExploitabilityChallengesPrerequisitesHeap BasicsLookaside ListsFreelistsPreventative Security MeasuresSafe-UnlinkingHeap CookiesApplication Specific ExploitationThoughts on This AttackGeneric Exploitation MethodsLookaside List OverwriteOverviewApplication Specific TechniqueWhy Not?Brett Moore: Wrecking Freelist[0] Since 2005Freelist[0] Insert AttackOverviewApplication Specific TechniqueWhy Not?Freelist[0] Searching AttackOverviewApplication Specific TechniqueWhy Not?ConclusionRecommended Reading Foreword Over the past few years, […]

Posted in Exploit Writing Tutorials, Root Cause Analysis | Tagged !exploitable, determine exploitability, fake chunk, freelist, freelist[0] insert atttack, freelist[0] search atttack, fuzzing, fwptr, gom player, heap, heap overflow, heapbase, integer overflow, lal head, lookasidelist, mona.py, mp4, msec.dll, peach, qt, root cause analysis, windbg

BlackHatEU2013 – Day2 – DropSmack: How cloud synchronization services render your corporate firewall worthless

Published March 15, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

Jake Williams (@malwareJake) from CSR Group has more than a decade of experience with systems engineering, network defines, malware reverse engineering, penetration testing and forensics. He spent some good time looking at Cloud synchronization services and is presenting some findings in this talks. First of all, think of Dropbox (or any similar tools) as a […]

Posted in Cons and Seminars | Tagged 2013, blackhat, blackhat europe, blackhat-2013-dropbox, C2, cloud, command and control, core-lan, corelan, dropbox, dropbox-jake-williams, dropsmack, dropsmack-application, exfiltrate, jacob-williams-dropsmack, jake williams, malware, reverse engineering, storage, synchronization

BlackHatEU2013 – Day2 – Who’s really attacking your ICS devices ?

Published March 15, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

Kyle Wilhoit, Threat researcher at Trend Micro, explains that he will provide an overview of ICS systems before looking at some interesting attacks at ICS systems. Concerns/Overview of ICS Security and Typical deployments ICS devices are used in production of virtually anything. They are used in water/gas/energy/automobile/manufacturing, etc. They are notoriously insecure in many ways. Software […]

Posted in Cons and Seminars | Tagged 2013, attack-in-ice-cream-sandwich, blackhat, blackhat europe, corelan, corelan-be, corelan-coder, dnp3, honeywall, how-to-perform-dos-attack-on-dnp3-network, ics, ICS devices, kyle wilhoit, modbus, nano, siemens, siemens-s7-1200-dnp3, snort-rules-php-backdoor-encryption, twitter-com-corelan-team, who-really-attacking-your

BlackHatEU2013 – Day1 – Hacking Appliances

Published March 14, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

The second talk I’m attending today is presented by Ben Williams, who’s going to talk about “Ironic exploitation of security products”. He explains that, as a pentester/researcher for NCC Group, he gets the chance to do fun pentests and break a lot of stuff. In the past year, he was able to work on auditing […]

Posted in Cons and Seminars | Tagged 2013, appliances, ben williams, blackhat, blackhat europe, blackhat-citrix-access-2013, corelan, corelan team, corelangcv-com, explain-hacker-programs-appliances, exploitation, hacking-appliances, hacking-appliances-ironic-exploitation-of-security-products-ben-williams, hacking-easiky-available-appliances, ironic, pve_portmonitor-zip, sophos, symantec, trendmicro, using-api-win32-functions-pdf

Root Cause Analysis – Memory Corruption Vulnerabilities

Published February 26, 2013 |

By Corelan Team (Jason Kratzer)

Introduction For the past year or so I’ve spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes. Early on in my research I quickly realized that building fuzzers and generating large quantities of crashes, even for heavily targeted applications, was easy. However, determining the exploitability of these crashes, […]

Posted in Exploit Writing Tutorials, Exploits, Fuzzing, Root Cause Analysis | Tagged !exploitable, 4byte, arbitrary write, binary-editor, bitmap, corelan, corruption, determine, exploitability, freelist, fuzzing, heap, kmplayer, kmplayer-corelan-team, mona, msec, peach, pit, race condition, windbg

DEPS – Precise Heap Spray on Firefox and IE10

Published February 19, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

Introduction Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions. Looking back at the type of tricks I had to use to make a precise spray work under Firefox 9 and IE 9, and realizing that these changes […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits, Tools | Tagged button, chrome, corelan, createelement, deps, div, dom, dom element property spray, element, emet, firefox, fontfamily, heap, html5, ie10, internet explorer, property, rop, spray, title, trident, webkit, windbg

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Search Results for: find ad user

HITB2014AMS – Day 1 – State of the ART: Exploring the New Android KitKat Runtime

Metasploit Meterpreter and NAT

A chain is only as strong as its weakest link – DNS Hijack Monitoring

Zabbix SQL Injection/RCE – CVE-2013-5743

Root Cause Analysis – Integer Overflows

BlackHatEU2013 – Day2 – Who’s really attacking your ICS devices ?

BlackHatEU2013 – Day1 – Hacking Appliances

Root Cause Analysis – Memory Corruption Vulnerabilities

DEPS – Precise Heap Spray on Firefox and IE10

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!