HITB2014AMS – Day 2 – Keynote 4: Hack It Forward

Good morning Amsterdam, good morning readers, welcome to the second day of the Hack In The Box conference. The speaker for the first keynote didn’t show up,  so we’ll jump right into the next keynote. Jennifer starts her keynote by explaining that she’s fortunate to be able to travel to a lot of conferences and […]

HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing

Vulnerability Hunting Active security testing, Fabien explains, is the process of generating input which travel in the application, hit a sink and violate a property.  It applies to all kinds of vulnerabilities, not just limited to buffer overflows or memory corruption bugs.   Blackbox and whitebox/greybox testing (both static and dynamic) are ways to perform […]

BlackHatEU2013 – Day2 – Who’s really attacking your ICS devices ?

Kyle Wilhoit, Threat researcher at Trend Micro, explains that he will provide an overview of ICS systems before looking at some interesting attacks at ICS systems. Concerns/Overview of ICS Security and Typical deployments ICS devices are used in production of virtually anything. They are used in water/gas/energy/automobile/manufacturing, etc.  They are notoriously insecure in many ways.  Software […]

BlackHatEU2013 – Day 1 – To dock or not to dock

Time flies !  After hanging out with @repmovsb and @botherder, it’s time for the last talk of the day.  In the “To dock or not to dock, that is the question” talk, Andy Davis, research director at NCC Group shares his research around using laptop docking stations as hardware-based attack platforms. Why docking stations as […]

Corelan T-Shirt contest – Derbycon 2012

If you didn’t register your ticket for the Corelan Live Exploit Development training at Derbycon 2012, then there is bad news for you…   We’re sold out. Not all is lost though. For the second year in a row, Corelan Team is giving away one free ticket to the Corelan Live training at Derbycon 2012, which […]

HITB2012AMS Day 1 – Window Shopping

Window Shopping: Browser Bugs Hunting in 2012 In the last talk of Day 1, Roberto Suggi Liverani and Scott Bell (not present during the presentation),  security consultants at, will share the results of some intensive browser bug hunting research, and will drop 5 0days. Roberto starts by apologizing about the fact that Scott was not […]

Reversing 101 – Solving a protection scheme

In this post, we’ll look at an application reversing challenge from HTS ( resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading

DLL Hijacking (KB 2269637) – the unofficial list

This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself. If you have found other applications to be vulnerable and want to add them to the list, send […]

Demand Global Change

The world needs your help !

Please take a few moments to read the "Demand Global Change Call For Action" document at
Read the full document at and share the message with as many people as possible.

Like the Facebook page, and SHARE it with everyone you know.


Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?

Your donation will help funding server hosting.

Protected by Copyscape Web Plagiarism Tool

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Corelan Live training

Since 2011, Corelan GCV has been teaching live win32 exploit dev classes at various security cons and private companies & organizations.

You can read more about the training and schedules here

Corelan on IRC

You can chat with us and our friends on #corelan (freenode IRC)