Posts:

Metasploit Meterpreter and NAT

Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking "naked" is considered to be the Read more

Read More

HITB2012AMS Day 2 – Attacking XML Processing

Attacking XML Processing

Dressed in a classy Corelan Team T-Shirt, Nicolas Grégoire kicks off his presentation by introducing himself. Nicolas has been asked by a customer to audit some XML-DSig applications 18 months ago and found a number of Read more

Read More

Metasploit Bounty – the Good, the Bad and the Ugly

On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled "30 exploits, $5000 in 5 weeks", a post on the Rapid7 blog lists the 30 "bounties" selected by the MSF team, waiting for someone to claim and submit a working exploit module. Read more
Read More

Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics

In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take Read more

Read More