
Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

Introduction: In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server. The success of all of these exploits (whether they are based on direct ret overwrite or exception handler structure overwrites) is based on the fact that a reliable return […]

Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development

In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins that will help you speed up this process. A typical exploit writing toolkit arsenal should at […]

Installing Windows 7 from a USB key

Microsoft has announced that it will support Windows 7 installations from a USB key. This will allow people to install Windows 7 on systems that do not have a DVD drive (yes, Windows 7 will also run quite fast on your old notebook that only has 1Gb of RAM and does not have a DVD […]

Fixing ‘Compatibility Mode grayed out’ or ‘Unable to enable Run as administrator’ on Vista / Windows 2008 Server

Ever wondered how you can set Compatibility Mode on executables under Vista / Windows 2008 server when the settings (or even the entire tab) have been disabled ? Or make the application “run as administrator” permanently, and you’ve found that this setting is disabled ? All of the settings in the Compatibility tab can be […]

Windows XP L2TP over IPSec dialup client VPN to a Juniper ScreenOS firewall, using Certificates

Before looking at the various configuration steps, we’ll have to take the following assumptions into account : – We don’t want to use the Netscreen Remote client, but we want to use the Windows XP built-in dialup VPN technology that allows us to build PPTP or L2TP/IPSec connections. Juniper ScreenOS does not support PPTP (which […]

Icons Shortcuts and SendTo items in Windows XP/2003/Vista/2008

Fixing missing icons & shortcuts : Send To "Compressed Folder" is missing : Click Start->Run In the "open" box, type "cmd" (without the quotes) Click ok Enter the following command and press "return" rundll32 zipfldr.dll,RegisterSendto (you should not get any warnings or errors) The first time you are trying to zip, you may be prompted […]

IP Autotuning in Vista

At any given time, the amount that TCP can send is governed by three factors: the congestion window, the receive window and the number of bytes available to send. Without using TCP window scaling (which is disabled by default in previous versions of Windows), the maximum receive window a receiver can advertise is 64K bytes. […]

System/Disk Backup in Vista using command line script

Microsoft has implemented a really neat feature in Vista Business, Enterprise and Ultimate, allowing you to perform a full disk or even system backup, while the system is running. This new backup tool uses Block Level backup and uses Volume Shadow Copy to backup open files (however, it is advised to close your applications while […]

Open a command prompt with system rights in Vista (and XP)

First of all, download psexec from the Microsoft website. From an elevated/admin command prompt (cmd.exe, "run as administrator"), run psexec -s cmd.exe C:\>whoami peter C:\>psexec -s cmd.exe PsExec v1.83 – Execute processes remotely Copyright (C) 2001-2007 Mark Russinovich Sysinternals – Microsoft Windows [Version 6.0.6000] Copyright (c) 2006 Microsoft Corporation.  All […]

Run explorer window with administrator rights in Vista

Easy, don’t you think ?  Right click explorer(.exe), choose "run as administrator" and you’re set ?    Nope – doesn’t work !  And this is why    The UAC (User Account Control) feature in Vista provides a user with two tokens when he logs on… a token that is bound to his real user rights, […]
