plugin

Heap Layout Visualization with mona.py and WinDBG

Published January 18, 2013 |

Introduction Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime. We improved stability and performance, updated to pykd.pyd 0.2.0.14 and ported a few additional immlib methods to windbglib. I figured this would be a good […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits, mona, Tools | Tagged block, chunk, corelan, corelanc0d3r, debugger, heap, knowledgebase, layout, microsoft-windbg-heap, mona, mona-heap-find, mona-py-heap, mona-py-heap-find, mona-py-windbg, mona.py, plugin, pykd.pyd, segment, visualization, windbg

Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!

Published December 31, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

Ho Ho Ho friends, It has been a while since we posted something on the Corelan Team blog, I guess we all have been busy doing … stuff and things, here and there. Nevertheless, as the year is close to filling up 100%, it’s probably a good time to start thinking about finding some convincing […]

Posted in Development, Exploit Writing Tutorials, Exploits, My Free Tools, Scripts | Tagged debugger, exploit, extension, immunity, immunity debugger, jingle-bofs, mona, mona-albertini, mona-py-2-windbg, mona-windbg, mona.py, new year, plugin, present, pycommand, pykd, python, windbg, windbg-mona-py, www-corelan-be

mona.py – the manual

Published July 14, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

This document describes the various commands, functionality and behaviour of mona.py.

Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials | Tagged automation, corelan, corelanc0d3r, documentation, exploit, exploit development, immunity, immunity debugger, metasploit, mona, mona.py, pattern, plugin, pycommand, python, rapid7, rop, rop automation, rop gadget, suggest

Starting to write Immunity Debugger PyCommands : my cheatsheet

Published January 26, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

When I started Win32 exploit development many years ago, my preferred debugger at the time was WinDbg (and some Olly). While Windbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to improve my exploit development experience. Despite the fact that the command line oriented approach in windbg […]

Posted in 001_Security, Development, Exploit Writing Tutorials, Scripts | Tagged api, assemble, cheatsheet, debugger, disassemble, hoe-to-use-mona-at-immunity-debugger, immlib, immunity, immunity debugger, immunity-cheatsheet, immunity-debugger-strcat, module, plugin, pycommand, python, readmemory, script, softice-debuger, tuto-immunity-debugger-python, tutorial-debugging-using-immunity

Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

Published September 21, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

Introduction In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server. The success of all of these exploits (whether they are based on direct ret overwrite or exception handler structure overwrites) are based on the fact that a reliable return […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged !aslrdynamicbase, 2003, 4141414, 8, access violation, add esp, address space layout randomization, adjust ebp, adjust esi, alwaysoff, alwayson, aslr, before function returns, buffer, buffer overflow, bypass, call, compiler, cookie, data execution prevention, dep, dword ptr, exception handler, exploit, gs, hack, handler, immdbg, immunity, jmp, jump, Kifastsystemcallret, ldrpchecknxcompatibility, linker, loaded module, mov al, moveimages, next seh, non exec, nseh, ntsetinformationprocess, nx, ollydbg, optin, optout, partial overwrite, plugin, prevention, processexecute, protection, protectvirtualmemory, pvefindaddr, pycommand, python, ret2libc, safeseh, saved ebp, saved eip, se handler, se structure, sehop, stack, stack overflow, switch, virtual function call, vista, windbg, windows 7, xd, xp

Nessus/OpenVAS wrapper for ike-scan

Published January 30, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

ike-scan is a great tool to audit VPN/IPSec implementations. This tool, which runs under Lunix, Unix, MacOS and Windows, can be found at www.nta-monitor.com/tools/ike-scan/ (Latest version at time of writing is 1.9). My Nessus ike-scan NASL wrapper may or may not work with earlier versions or newer versions, so test test test) Some of the […]

Posted in 001_Security, Linux and Unix, My Free Tools, Networking | Tagged 001_Security, audit, download, free, free tool, groupid, ike, ike-scan, ipsec, ipsec-team-blog, nasl, nessus, openvas, phase1, plugin, prevent-ike-scan, proposal, scan, script, vpn

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Heap Layout Visualization with mona.py and WinDBG

Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!

mona.py – the manual

Starting to write Immunity Debugger PyCommands : my cheatsheet

Nessus/OpenVAS wrapper for ike-scan

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!