Search Results for: heap overflow
Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!
Ho Ho Ho friends, It has been a while since we posted something on the Corelan Team blog, I guess we all have been busy doing … stuff and things, here and there. Nevertheless, as the year is close to filling up 100%, it’s probably a good time to start thinking about finding some convincing […]
HITB2012AMS Day 2 – Ghost in the Allocator
Ghost in the Allocator – Abusing the Windows 7 / 8 Low Fragmentation Heap After introducing himself, Steven Seeley, Senior Penetration Tester and Security Researcher at Stratsec starts his presentation by sharing the talk agenda: Why target the heap manager Heap terms Some Windows 7 theory WIndows 7 exploitation Changes introduced in Windows 8 Heap Windows […]
HITB2012AMS Day 2 – PostScript – Danger Ahead
Good morning everyone, welcome back at Hack In The Box 2012 Amsterdam ! Before looking at the first talk that I attended today, I would like to mention that you can find copies of the talks and materials on the hitb.org website. Files are made available right after a talk or lab finishes, you […]
BlackHat EU 2012 – Day 3
Good morning, Since doing live-blogging seemed to work out pretty well yesterday, I’ll do the same thing again today. Please join in for day 3 at BlackHat Europe 2012, in a cloudy and rainy Amsterdam. The first talk I attended today was : “Secure Password Managers” and “Military Grade Encryption” on Smartphones Andrey Belenko and […]
Many roads to IAT
A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line.
I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.
Continue reading
Metasploit Bounty – the Good, the Bad and the Ugly
On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled “30 exploits, $5000 in 5 weeks”, a post on the Rapid7 blog lists the 30 “bounties” selected by the MSF team, waiting for someone to claim and submit a working exploit module.
Continue reading
mona.py – the manual
This document describes the various commands, functionality and behaviour of mona.py.
Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona.
Continue reading
BlackHat Europe 2011 / Day 01
After having breakfast, chatting with ping and hanging out with @kokanin, @xme and @wimremes, it was time to start attending the various talks.
So, as promised in yesterdays preview, what follows is the report of my first day at Black Hat Europe 2011.
Continue reading
Corelan Training "Corelan Live – Win32 Exploit Development Bootcamp"
Introduction Starting this year, Corelan will be teaching live Win32 exploit development classes at various security conferences. Titled “Corelan Live – Win32 Exploit Development Bootcamp“, this 2-day instructor-led course will teach everything you need to know about writing exploits for a Win32 environment and exploiting stack based vulnerabilities. During the first day, all basics about […]
The Honeypot Incident – How strong is your UF (Reversing FU)
Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of december 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it “EGYPTS-AIRWAYS”, set up a honeypot + some other monitoring tools, and connected it to the internet.
Continue reading
Donate
Your donation will help funding server hosting.
