meterpreter
Metasploit Meterpreter and NAT
Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking “naked” is considered to be the easiest way to perform a penetration test that involves getting shells back. Not everyone has the […]
HITB2012AMS Day 2 – Attacking XML Processing
Attacking XML Processing Dressed in a classy Corelan Team T-Shirt, Nicolas Grégoire kicks off his presentation by introducing himself. Nicolas has been asked by a customer to audit some XML-DSig applications 18 months ago and found a number of bugs. This triggered him to do more research on this topic. This technology is present in […]
Metasploit Bounty – the Good, the Bad and the Ugly
On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled “30 exploits, $5000 in 5 weeks”, a post on the Rapid7 blog lists the 30 “bounties” selected by the MSF team, waiting for someone to claim and submit a working exploit module.
Continue reading →
Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take advantage of SEH chains. In my examples, I have used perl to demonstrate how to build […]
Corelan Training
Check out our schedules page here and sign up for one of our classes now!
Donate
![](/wp-content/uploads/2014/01/donate_btc_to_corelan_thumb.png)
Your donation will help funding server hosting.
Corelan Team Merchandise
Corelan on Slack
You can chat with us and our friends on our Slack workspace: