corelan

Root Cause Analysis – Memory Corruption Vulnerabilities

Introduction: For the past year or so I’ve spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes. Early on in my research I quickly realized that building fuzzers and generating large quantities of crashes, even for heavily targeted applications, was easy. However, determining the exploitability of these crashes, […]

DEPS – Precise Heap Spray on Firefox and IE10

Introduction: Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions. Looking back at the type of tricks I had to use to make a precise spray work under Firefox 9 and IE 9, and realizing that these changes […]

Heap Layout Visualization with mona.py and WinDBG

Introduction: Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime. We improved stability and performance, updated to pykd.pyd 0.2.0.14 and ported a few additional immlib methods to windbglib. I figured this would be a good […]

Happy New Year – here’s my special gift to you, corelanc0d3r

I’m not going to spend a lot of words on this. Facts speak for themselves. A short while ago, I discovered this: http://www.hackforums.net/showthread.php?tid=3031925 (you need to register to get access to the thread). Screenshot : idle-hands profile : Reputation I registered a user account “corelanc0d3r” and used the “Report” button, but for some reason my user […]

Corelan T-Shirt contest – Derbycon 2012

If you didn’t register your ticket for the Corelan Live Exploit Development training at Derbycon 2012, then there is bad news for you…   We’re sold out. Not all is lost though. For the second year in a row, Corelan Team is giving away one free ticket to the Corelan Live training at Derbycon 2012, which […]

HITB2012AMS Day 1 – Window Shopping

Window Shopping: Browser Bugs Hunting in 2012. In the last talk of Day 1, Roberto Suggi Liverani and Scott Bell (not present during the presentation), security consultants at Security-Assessment.com, will share the results of some intensive browser bug hunting research, and will drop 5 0days. Roberto starts by apologizing about the fact that Scott was not […]

HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest

One Flew Over The Cuckoos Nest – Automated Malware Analysis. Claudio Guarnieri, senior researcher at iSight Partner, and part of the Shadowserver Foundation and the HoneyPot project. He works with malware on a daily basis, maintains malwr.com and is the main developer of the Cuckoo Sandbox, which is also the main topic of his talk. […]

HITB2012AMS Day 1 – Intro and Keynote

Introduction: Good morning everyone, After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley, Roberto Suggi Liverani, Nicolas Grégoire, Andy Ellis, Didier Stevens, and some other folks, conference time has arrived. With the conference taking place […]

Hack In The Box Amsterdam 2012 – Preview

In less than a week from now, Hack In The Box Amsterdam will open its 2012 edition. The conference will take place in the Okura Hotel, and features 3 days of training, 2 days of quad-track talks, a CTF and HackWEEKDAY, a 12-hour hackathon hosted alongside the actual conference. The line-up looks promising…

Reversing 101 – Solving a protection scheme

In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simply, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011
