Posts:

A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions. Although there are a number of public exploits available that target IE8, the exact technique to do so has not been really documented in detail. Of course, you can probably derive how it works by looking at those public exploits. With this tutorial, I'm going to provide you with a full and detailed overview on what heap spraying is, and how to use it on old and newer platforms. I'll start with some "ancient" techniques (or classic techniques if you will) that can be used on IE6 and IE7. We'll also look at heap spraying for non-browser applications. Next, we'll talk about precision heap spraying, which is a requirement to make DEP bypass exploits work on IE8. I'll finish this tutorial with sharing some of my own research on getting reliable heap spraying to work on IE9. Read more

This morning, my generic attachment filter for MS Exchange reported that about 100 emails were put in quarantine because they contained a small zip file. When looking inside the zip file, I found a small pdf file… I immediately figured this file was up to no good, so it was time to get my hands dirty :) Read more

Introduction

I’m excited and honored to be able to announce that Sud0, one of our Corelan Team members, has won the Offensive Security Exploit weekend, an exploiting exercise only available to Offensive Security certified alumni.

The challenge Read more

[WORKSHOP] – Malicious PDF Analysis

I started the second day at BruCON with attending the workshop about analyzing malicious pdf files.

Didier Stevens spared no expense and prepared an impressive lab, offering all sorts of pdf exercise files.  Read more