pdf

Exploit writing tutorial part 11 : Heap Spraying Demystified

Published December 31, 2011 | By Peter Van Eeckhoutte (corelanc0d3r)

A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions.
Although there are a number of public exploits available that target IE8, the exact technique to do so has not been really documented in detail.
Of course, you can probably derive how it works by looking at those public exploits.

With this tutorial, I’m going to provide you with a full and detailed overview on what heap spraying is, and how to use it on old and newer platforms.
I’ll start with some “ancient” techniques (or classic techniques if you will) that can be used on IE6 and IE7.
We’ll also look at heap spraying for non-browser applications.
Next, we’ll talk about precision heap spraying, which is a requirement to make DEP bypass exploits work on IE8.
I’ll finish this tutorial with sharing some of my own research on getting reliable heap spraying to work on IE9.
Continue reading

Posted in 001_Security, Exploit Writing Tutorials | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Malicious pdf analysis : from price.zip to flashplayer.exe

Published November 18, 2010 | By Peter Van Eeckhoutte (corelanc0d3r)

This morning, my generic attachment filter for MS Exchange reported that about 100 emails were put in quarantine because they contained a small zip file.
When looking inside the zip file, I found a small pdf file… I immediately figured this file was up to no good, so it was time to get my hands dirty :)
Continue reading

Posted in 001_Security, Exploits, Malware and Reversing | Tagged , , , , , , , , , , , , , , , , , , ,

Offensive Security Exploit Weekend

Published November 13, 2010 | By Sud0

Introduction I’m excited and honored to be able to announce that Sud0, one of our Corelan Team members, has won the Offensive Security Exploit weekend, an exploiting exercise only available to Offensive Security certified alumni. The challenge was built around a vulnerability in Foxit Reader.  Each participant was pointed to a Proof of Concept exploit, […]

Posted in 001_Security, Exploits | Tagged , , , , , , , , , , , , , , , , , , , , , , ,

BruCON 2010 : Day 0x2

Published September 25, 2010 | By Peter Van Eeckhoutte (corelanc0d3r)

[WORKSHOP] – Malicious PDF Analysis I started the second day at BruCON with attending the workshop about analyzing malicious pdf files. Didier Stevens spared no expense and prepared an impressive lab, offering all sorts of pdf exercise files.  Trying to squeeze in weeks and months of research into a 2 hour workshop, he managed to […]

Posted in 001_Security, Cons and Seminars | Tagged , , , , , , , , , , , , , , , , , , , , , ,

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace

    • Categories

    Mastodon: @corelanc0d3r | @corelan


    Copyright Peter Van Eeckhoutte © 2007 - 2024 | All Rights Reserved | Terms of use