immunity debugger

Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!

Ho Ho Ho friends, It has been a while since we posted something on the Corelan Team blog, I guess we all have been busy doing … stuff and things, here and there.  Nevertheless, as the year is close to filling up 100%, it’s probably a good time to start thinking about finding some convincing […]

Reversing 101 – Solving a protection scheme

In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading

mona.py – the manual

This document describes the various commands, functionality and behaviour of mona.py.

Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona.
Continue reading

Mona 1.0 released !

FINALLY !
After spending almost 6 months of designing, developing and testing, and after ‘surviving’ 2 presentations (at AthCon and Hack In Paris), I am extremely excited and proud to present, on behalf of the entire Corelan Team, the general availability of mona.py.

With this announcement, we also declare pvefindaddr officially dead from this point forward. (This doesn’t mean pvefindaddr is now entirely worthless, because not all functions have been ported into mona yet, but we won’t be releasing any updates to pvefindaddr anymore and the entire project page/download page will eventually disappear)
Continue reading

Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube

About 3 months after finishing my previous exploit writing related tutorial, I finally found some time and fresh energy to start writing a new article.
In the previous tutorials, I have explained the basics of stack based overflows and how they can lead to arbitrary code execution. I discussed direct RET overflows, SEH based exploits, Unicode and other character restrictions, the use of debugger plugins to speed up exploit development, how to bypass common memory protection mechanisms and how to write your own shellcode.
While the first tutorials were really written to learn the basics about exploit development, starting from scratch (targeting people without any knowledge about exploit development) you have most likely discovered that the more recent tutorials continue to build on those basics and require solid knowledge of asm, creative thinking, and some experience with exploit writing in general.
Today’s tutorial is no different. I will continue to build upon everything we have seen and learned in the previous tutorials. Today I will talk about ROP and how it can be used to bypass DEP (and ASLR)…
Continue reading

Starting to write Immunity Debugger PyCommands : my cheatsheet

When I started Win32 exploit development many years ago, my preferred debugger at the time was WinDbg (and some Olly). While Windbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to improve my exploit development experience. Despite the fact that the command line oriented approach in windbg […]

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace
  • Categories