{"id":11291,"date":"2026-03-05T21:30:09","date_gmt":"2026-03-05T20:30:09","guid":{"rendered":"https:\/\/www2.corelan.be\/?page_id=11291"},"modified":"2026-03-06T13:19:29","modified_gmt":"2026-03-06T12:19:29","slug":"articles","status":"publish","type":"page","link":"https:\/\/www.corelan.be\/index.php\/articles\/","title":{"rendered":"Corelan Articles | Exploit Writing Tutorials &#038; Cybersecurity Insights"},"content":{"rendered":"<p>\n\t\t\t\t<h3 id=\"cat_active-directory\">Active Directory<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/12\/free-tool-find-where-ad-users-are-logged-on-into\/\">Free tool : Find out where your AD Users are logged on into<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2007\/11\/18\/free-tool-pve-active-directory-disable-users\/\">Free tool &ndash; PVE Active Directory Disable Users<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_certificates\">Certificates<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/04\/10\/free-tool-windows-2008-certificate-authority-certificate-list-utility-for-pending-requests-and-about-to-expire-certificates\/\">Free tool : Windows 2003\/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_cisco\">Cisco<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/07\/27\/cisco-voip-phones-a-hackers-perspective\/\">Cisco VoIP Phones &ndash; A Hackers Perspective<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/21\/script-to-backup-cisco-switches-via-telnet-tftp\/\">Script to backup Cisco switches via telnet \/ tftp<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/07\/27\/free-tool-cisco-ironport-c350-safelist-blocklist-merge-utility\/\">Free Tool - Cisco Ironport C350 Safelist \/ Blocklist merge utility<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/06\/22\/cisco-switch-ios-cheat-sheet\/\">Cisco switch IOS cheat sheet<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_cons-seminars\">Cons and Seminars<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/15\/blackhateu2013-day2-dropsmack-how-cloud-synchronization-services-render-your-corporate-firewall-worthless\/\">BlackHatEU2013 - Day2 - DropSmack: How cloud synchronization services render your corporate firewall worthless<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/15\/blackhateu2013-day2-advanced-heap-manipulation-in-windows-8\/\">BlackHatEU2013 - Day2 - Advanced Heap Manipulation in Windows 8<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/15\/blackhateu2013-day2-whos-really-attacking-your-ics-devices\/\">BlackHatEU2013 - Day2 - Who's really attacking your ICS devices ?<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/15\/blackhateu2013-day2-the-sandbox-roulette-are-you-ready-to-ramble\/\">BlackHatEU2013 - Day2 - The Sandbox Roulette: Are you ready to ramble<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day-1-to-dock-or-not-to-dock\/\">BlackHatEU2013 - Day 1 - To dock or not to dock<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hardening-windows-8-apps-for-the-windows-store\/\">BlackHatEU2013 - Day1 - Hardening Windows 8 Apps for the Windows Store<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/\">BlackHatEU2013 - Day1 - Hacking Appliances<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-practical-attacks-against-mdm-solutions\/\">BlackHatEU2013 - Day1 - Practical Attacks against MDM solutions<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-ghost-in-the-allocator\/\">HITB2012AMS Day 2 - Ghost in the Allocator<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-attacking-xml-processing\/\">HITB2012AMS Day 2 - Attacking XML Processing<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-taint-analysis\/\">HITB2012AMS Day 2 - Taint Analysis<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/25\/hitb2012ams-day-2-postscript-danger-ahead\/\">HITB2012AMS Day 2 - PostScript - Danger Ahead<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-window-shopping\/\">HITB2012AMS Day 1 - Window Shopping<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-one-flew-over-the-cuckoos-nest\/\">HITB2012AMS Day 1 - One Flew Over The Cuckoos Nest<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-winrt-the-metro-politan-museum-of-security\/\">HITB2012AMS Day 1 - WinRT The Metro-politan Museum of Security<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/\">HITB2012AMS Day 1 - Intro and Keynote<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/17\/hack-in-the-box-amsterdam-2012-preview\/\">Hack In The Box Amsterdam 2012 - Preview<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/03\/16\/blackhat-eu-2012-day-3\/\">BlackHat EU 2012 - Day 3<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/03\/15\/blackhat-eu-2012-day-2\/\">BlackHat EU 2012 - Day 2<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/09\/14\/corelan-t-shirt-contest-derbycon-2011\/\">Corelan T-Shirt Contest - Derbycon 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/07\/12\/rop-your-way-into-b-sides-las-vegas-2011\/\">ROP your way into B-Sides Las Vegas 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/30\/honeynet-workshop-2011\/\">Honeynet Workshop 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/18\/blackhat-europe-2011-day-02\/\">BlackHat Europe 2011 \/ Day 02<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/17\/blackhat-europe-2011-day-01\/\">BlackHat Europe 2011 \/ Day 01<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/04\/16\/blackhat-europe-2010-barcelona-day-10\/\">Blackhat Europe 2010 Barcelona - Day 10<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/04\/14\/blackhat-europe-2010-barcelona-day-1\/\">Blackhat Europe 2010 Barcelona - Day 01<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_corelan-free-tools\">Corelan Free Tools<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2016\/01\/31\/encfsgui-gui-wrapper-around-encfs-for-osx\/\">EncFSGui - GUI Wrapper around encfs for OSX<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/12\/31\/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2\/\">Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2 !!<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/21\/script-to-backup-cisco-switches-via-telnet-tftp\/\">Script to backup Cisco switches via telnet \/ tftp<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/19\/fuzzing-with-metasploit-simple-ftp-fuzzer\/\">Fuzzing with Metasploit : Simple FTP fuzzer<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/12\/free-tool-find-where-ad-users-are-logged-on-into\/\">Free tool : Find out where your AD Users are logged on into<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/06\/20\/exchange-20072010-renaming-attachments-on-the-fly-custom-transport-agent\/\">Exchange 2007\/2010 : Renaming attachments &lsquo;on the fly&rsquo; - custom transport agent<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/04\/10\/free-tool-windows-2008-certificate-authority-certificate-list-utility-for-pending-requests-and-about-to-expire-certificates\/\">Free tool : Windows 2003\/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/01\/30\/nessus-wrapper-for-ike-scan\/\">Nessus\/OpenVAS wrapper for ike-scan<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/01\/28\/monitoring-your-network-with-powershell\/\">Monitoring your network with Powershell<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/09\/26\/free-tool-pve-tcp-ping-utility\/\">Free tool - PVE TCP Ping Utility &ndash; v1.0.0.1<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/07\/27\/free-tool-cisco-ironport-c350-safelist-blocklist-merge-utility\/\">Free Tool - Cisco Ironport C350 Safelist \/ Blocklist merge utility<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/07\/21\/free-tool-attachment-filtering-with-exchange-2007-custom-transport-agent\/\">Free tool - Attachment filtering with Exchange 2007\/2010 (custom transport agent)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/05\/19\/free-tool-exchange-2007-outbound-smtp-gateway-redundancy\/\">Free Tool - Exchange 2007 Outbound SMTP gateway redundancy<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2007\/11\/18\/free-tool-pve-active-directory-disable-users\/\">Free tool &ndash; PVE Active Directory Disable Users<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_crypto\">Crypto<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2016\/01\/31\/encfsgui-gui-wrapper-around-encfs-for-osx\/\">EncFSGui - GUI Wrapper around encfs for OSX<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_debugging\">Debugging<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/07\/02\/root-cause-analysis-integer-overflows\/\">Root Cause Analysis &ndash; Integer Overflows<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/01\/18\/heap-layout-visualization-with-mona-py-and-windbg\/\">Heap Layout Visualization with mona.py and WinDBG<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/26\/root-cause-analysis-memory-corruption-vulnerabilities\/\">Root Cause Analysis &ndash; Memory Corruption Vulnerabilities<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/12\/31\/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2\/\">Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2 !!<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/02\/29\/debugging-fun-putting-a-process-to-sleep\/\">Debugging Fun - Putting a process to sleep()<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/04\/03\/hitb-2011-ctf-reversing-vectored-exception-handling-veh\/\">HITB 2011 CTF - Reversing Vectored Exception Handling (VEH)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/14\/codegate-2011-ctf-binary200-anti-debugging-techniques\/\">Codegate 2011 CTF - Binary200 - Anti Debugging Techniques Explained<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/anti-debugging-tricks-revealed-defcon-ctf-qualifications-2009-bin300-analysis\/\">Anti-debugging tricks revealed - Defcon CTF Qualifications 2009: Bin300 Analysis<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/26\/starting-to-write-immunity-debugger-pycommands-my-cheatsheet\/\">Starting to write Immunity Debugger PyCommands : my cheatsheet<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/09\/05\/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development\/\">Exploit writing tutorial part 5 : How debugger modules &amp; plugins can speed up basic exploit development<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_development\">Development<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/12\/31\/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2\/\">Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2 !!<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/26\/starting-to-write-immunity-debugger-pycommands-my-cheatsheet\/\">Starting to write Immunity Debugger PyCommands : my cheatsheet<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_exchange\">MS Exchange<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/06\/20\/exchange-20072010-renaming-attachments-on-the-fly-custom-transport-agent\/\">Exchange 2007\/2010 : Renaming attachments &lsquo;on the fly&rsquo; - custom transport agent<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/07\/21\/free-tool-attachment-filtering-with-exchange-2007-custom-transport-agent\/\">Free tool - Attachment filtering with Exchange 2007\/2010 (custom transport agent)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/05\/19\/free-tool-exchange-2007-outbound-smtp-gateway-redundancy\/\">Free Tool - Exchange 2007 Outbound SMTP gateway redundancy<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_exploit-writing-tutorials\">Exploit Writing Tutorials<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2016\/07\/05\/windows-10-x86wow64-userland-heap\/\">Windows 10 x86\/wow64 Userland heap<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/07\/02\/root-cause-analysis-integer-overflows\/\">Root Cause Analysis &ndash; Integer Overflows<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/19\/deps-precise-heap-spray-on-firefox-and-ie10\/\">DEPS - Precise Heap Spray on Firefox and IE10<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/01\/18\/heap-layout-visualization-with-mona-py-and-windbg\/\">Heap Layout Visualization with mona.py and WinDBG<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/26\/root-cause-analysis-memory-corruption-vulnerabilities\/\">Root Cause Analysis &ndash; Memory Corruption Vulnerabilities<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/12\/31\/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2\/\">Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2 !!<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/02\/29\/debugging-fun-putting-a-process-to-sleep\/\">Debugging Fun - Putting a process to sleep()<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/12\/31\/exploit-writing-tutorial-part-11-heap-spraying-demystified\/\">Exploit writing tutorial part 11 : Heap Spraying Demystified<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/11\/18\/wow64-egghunter\/\">WoW64 Egghunter<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/07\/03\/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py\/\">Universal DEP\/ASLR bypass with msvcr71.dll and mona.py<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/05\/12\/hack-notes-ropping-eggs-for-breakfast\/\">Hack Notes : Ropping eggs for breakfast<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/01\/30\/hack-notes-rop-retnoffset-and-impact-on-stack-setup\/\">Hack Notes : ROP retn+offset and impact on stack setup<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/06\/16\/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube\/\">Exploit writing tutorial part 10 : Chaining DEP with ROP - the Rubik's[TM] Cube<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/27\/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion\/\">Exploiting Ken Ward Zipper : Taking advantage of payload conversion<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/22\/ken-ward-zipper-exploit-write-up-on-abysssec-com\/\">Ken Ward Zipper exploit write-up on abysssec.com<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/15\/quickzip-exploit-article-part-2-released-on-offsec-blog\/\">QuickZip exploit article part 2 released on OffSec Blog<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/02\/25\/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding\/\">Exploit writing tutorial part 9 : Introduction to Win32 shellcoding<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/26\/starting-to-write-immunity-debugger-pycommands-my-cheatsheet\/\">Starting to write Immunity Debugger PyCommands : my cheatsheet<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/09\/exploit-writing-tutorial-part-8-win32-egg-hunting\/\">Exploit writing tutorial part 8 : Win32 Egg Hunting<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/11\/06\/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc\/\">Exploit writing tutorial part 7 : Unicode - from 0x00410041 to calc<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/09\/21\/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr\/\">Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/09\/05\/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development\/\">Exploit writing tutorial part 5 : How debugger modules &amp; plugins can speed up basic exploit development<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/08\/12\/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics\/\">Exploit writing tutorial part 4 : From Exploit to Metasploit - The basics<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/28\/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b\/\">Exploit writing tutorial part 3b : SEH Based Exploits - just another example<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/25\/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh\/\">Exploit writing tutorial part 3 : SEH Based Exploits<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/23\/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2\/\">Exploit writing tutorial part 2 : Stack Based Overflows - jumping to shellcode<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/19\/exploit-writing-tutorial-part-1-stack-based-overflows\/\">Exploit writing tutorial part 1 : Stack Based Overflows<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_exploits\">Exploits<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/19\/deps-precise-heap-spray-on-firefox-and-ie10\/\">DEPS - Precise Heap Spray on Firefox and IE10<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/01\/18\/heap-layout-visualization-with-mona-py-and-windbg\/\">Heap Layout Visualization with mona.py and WinDBG<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/26\/root-cause-analysis-memory-corruption-vulnerabilities\/\">Root Cause Analysis &ndash; Memory Corruption Vulnerabilities<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/12\/31\/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2\/\">Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2 !!<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/07\/27\/metasploit-bounty-the-good-the-bad-and-the-ugly\/\">Metasploit Bounty - the Good, the Bad and the Ugly<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/07\/03\/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py\/\">Universal DEP\/ASLR bypass with msvcr71.dll and mona.py<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/05\/12\/hack-notes-ropping-eggs-for-breakfast\/\">Hack Notes : Ropping eggs for breakfast<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/01\/30\/hack-notes-rop-retnoffset-and-impact-on-stack-setup\/\">Hack Notes : ROP retn+offset and impact on stack setup<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/01\/31\/the-honeypot-incident-how-strong-is-your-uf-reversing-fu\/\">The Honeypot Incident - How strong is your UF (Reversing FU)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/10\/12\/death-of-an-ftp-client\/\">Death of an ftp client \/ Birth of Metasploit modules<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/06\/16\/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube\/\">Exploit writing tutorial part 10 : Chaining DEP with ROP - the Rubik's[TM] Cube<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/27\/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion\/\">Exploiting Ken Ward Zipper : Taking advantage of payload conversion<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/22\/ken-ward-zipper-exploit-write-up-on-abysssec-com\/\">Ken Ward Zipper exploit write-up on abysssec.com<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/09\/exploit-writing-tutorial-part-8-win32-egg-hunting\/\">Exploit writing tutorial part 8 : Win32 Egg Hunting<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/11\/06\/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc\/\">Exploit writing tutorial part 7 : Unicode - from 0x00410041 to calc<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/19\/fuzzing-with-metasploit-simple-ftp-fuzzer\/\">Fuzzing with Metasploit : Simple FTP fuzzer<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/09\/21\/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr\/\">Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/09\/05\/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development\/\">Exploit writing tutorial part 5 : How debugger modules &amp; plugins can speed up basic exploit development<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/08\/12\/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics\/\">Exploit writing tutorial part 4 : From Exploit to Metasploit - The basics<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/28\/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b\/\">Exploit writing tutorial part 3b : SEH Based Exploits - just another example<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/25\/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh\/\">Exploit writing tutorial part 3 : SEH Based Exploits<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/23\/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2\/\">Exploit writing tutorial part 2 : Stack Based Overflows - jumping to shellcode<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/19\/exploit-writing-tutorial-part-1-stack-based-overflows\/\">Exploit writing tutorial part 1 : Stack Based Overflows<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_fuzzing-security\">Fuzzing<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/26\/root-cause-analysis-memory-corruption-vulnerabilities\/\">Root Cause Analysis &ndash; Memory Corruption Vulnerabilities<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/10\/20\/in-memory-fuzzing\/\">In Memory Fuzzing<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_linux\">Linux and Unix<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x\/\">Cheat sheet : Installing Snorby 2.2 with Apache2 and Suricata with Barnyard2 on Ubuntu 10.x<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/01\/30\/nessus-wrapper-for-ike-scan\/\">Nessus\/OpenVAS wrapper for ike-scan<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_malware-and-reversing\">Malware and Reversing<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/12\/10\/using-dbi-for-solving-reverse-engineering-101-newbie-contest-from-elearnsecurity\/\">Using DBI for solving Reverse Engineering 101 &ndash; Newbie Contest from eLearnSecurity<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/14\/reversing-101-solving-a-protectionscheme\/\">Reversing 101 - Solving a protection scheme<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/02\/29\/debugging-fun-putting-a-process-to-sleep\/\">Debugging Fun - Putting a process to sleep()<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/12\/01\/roads-iat\/\">Many roads to IAT<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/04\/03\/hitb-2011-ctf-reversing-vectored-exception-handling-veh\/\">HITB 2011 CTF - Reversing Vectored Exception Handling (VEH)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/30\/honeynet-workshop-2011\/\">Honeynet Workshop 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/14\/codegate-2011-ctf-binary200-anti-debugging-techniques\/\">Codegate 2011 CTF - Binary200 - Anti Debugging Techniques Explained<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/anti-debugging-tricks-revealed-defcon-ctf-qualifications-2009-bin300-analysis\/\">Anti-debugging tricks revealed - Defcon CTF Qualifications 2009: Bin300 Analysis<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/01\/31\/the-honeypot-incident-how-strong-is-your-uf-reversing-fu\/\">The Honeypot Incident - How strong is your UF (Reversing FU)<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_mona\">mona<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/01\/18\/heap-layout-visualization-with-mona-py-and-windbg\/\">Heap Layout Visualization with mona.py and WinDBG<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_networking\">Networking<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x\/\">Cheat sheet : Installing Snorby 2.2 with Apache2 and Suricata with Barnyard2 on Ubuntu 10.x<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/21\/script-to-backup-cisco-switches-via-telnet-tftp\/\">Script to backup Cisco switches via telnet \/ tftp<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/01\/30\/nessus-wrapper-for-ike-scan\/\">Nessus\/OpenVAS wrapper for ike-scan<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/01\/28\/monitoring-your-network-with-powershell\/\">Monitoring your network with Powershell<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/09\/26\/free-tool-pve-tcp-ping-utility\/\">Free tool - PVE TCP Ping Utility &ndash; v1.0.0.1<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/07\/27\/free-tool-cisco-ironport-c350-safelist-blocklist-merge-utility\/\">Free Tool - Cisco Ironport C350 Safelist \/ Blocklist merge utility<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/06\/22\/cisco-switch-ios-cheat-sheet\/\">Cisco switch IOS cheat sheet<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/05\/19\/free-tool-exchange-2007-outbound-smtp-gateway-redundancy\/\">Free Tool - Exchange 2007 Outbound SMTP gateway redundancy<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_pentesting\">Pentesting<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/22\/pastenum-pastebinpastie-enumeration-tool\/\">Pastenum - Pastebin\/pastie enumeration tool<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_powershell-scripts\">Powershell<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/01\/28\/monitoring-your-network-with-powershell\/\">Monitoring your network with Powershell<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_root-cause-analysis\">Root Cause Analysis<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/07\/02\/root-cause-analysis-integer-overflows\/\">Root Cause Analysis &ndash; Integer Overflows<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/26\/root-cause-analysis-memory-corruption-vulnerabilities\/\">Root Cause Analysis &ndash; Memory Corruption Vulnerabilities<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_scripts\">Scripts<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2016\/01\/31\/encfsgui-gui-wrapper-around-encfs-for-osx\/\">EncFSGui - GUI Wrapper around encfs for OSX<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/12\/31\/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2\/\">Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2 !!<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/22\/pastenum-pastebinpastie-enumeration-tool\/\">Pastenum - Pastebin\/pastie enumeration tool<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/26\/starting-to-write-immunity-debugger-pycommands-my-cheatsheet\/\">Starting to write Immunity Debugger PyCommands : my cheatsheet<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/23\/backup-restore-windows-server-based-print-servers\/\">Backup &amp; Restore Windows Server based Print Servers<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/21\/script-to-backup-cisco-switches-via-telnet-tftp\/\">Script to backup Cisco switches via telnet \/ tftp<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/19\/fuzzing-with-metasploit-simple-ftp-fuzzer\/\">Fuzzing with Metasploit : Simple FTP fuzzer<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/12\/free-tool-find-where-ad-users-are-logged-on-into\/\">Free tool : Find out where your AD Users are logged on into<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_security\">Security<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2016\/01\/31\/encfsgui-gui-wrapper-around-encfs-for-osx\/\">EncFSGui - GUI Wrapper around encfs for OSX<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/19\/deps-precise-heap-spray-on-firefox-and-ie10\/\">DEPS - Precise Heap Spray on Firefox and IE10<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/01\/18\/heap-layout-visualization-with-mona-py-and-windbg\/\">Heap Layout Visualization with mona.py and WinDBG<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/02\/29\/debugging-fun-putting-a-process-to-sleep\/\">Debugging Fun - Putting a process to sleep()<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/12\/31\/exploit-writing-tutorial-part-11-heap-spraying-demystified\/\">Exploit writing tutorial part 11 : Heap Spraying Demystified<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/11\/18\/wow64-egghunter\/\">WoW64 Egghunter<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/07\/27\/metasploit-bounty-the-good-the-bad-and-the-ugly\/\">Metasploit Bounty - the Good, the Bad and the Ugly<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/07\/03\/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py\/\">Universal DEP\/ASLR bypass with msvcr71.dll and mona.py<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/04\/03\/hitb-2011-ctf-reversing-vectored-exception-handling-veh\/\">HITB 2011 CTF - Reversing Vectored Exception Handling (VEH)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/30\/honeynet-workshop-2011\/\">Honeynet Workshop 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/22\/pastenum-pastebinpastie-enumeration-tool\/\">Pastenum - Pastebin\/pastie enumeration tool<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/18\/blackhat-europe-2011-day-02\/\">BlackHat Europe 2011 \/ Day 02<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/17\/blackhat-europe-2011-day-01\/\">BlackHat Europe 2011 \/ Day 01<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/14\/codegate-2011-ctf-binary200-anti-debugging-techniques\/\">Codegate 2011 CTF - Binary200 - Anti Debugging Techniques Explained<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x\/\">Cheat sheet : Installing Snorby 2.2 with Apache2 and Suricata with Barnyard2 on Ubuntu 10.x<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/anti-debugging-tricks-revealed-defcon-ctf-qualifications-2009-bin300-analysis\/\">Anti-debugging tricks revealed - Defcon CTF Qualifications 2009: Bin300 Analysis<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/01\/30\/hack-notes-rop-retnoffset-and-impact-on-stack-setup\/\">Hack Notes : ROP retn+offset and impact on stack setup<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/01\/31\/the-honeypot-incident-how-strong-is-your-uf-reversing-fu\/\">The Honeypot Incident - How strong is your UF (Reversing FU)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/10\/12\/death-of-an-ftp-client\/\">Death of an ftp client \/ Birth of Metasploit modules<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/07\/27\/cisco-voip-phones-a-hackers-perspective\/\">Cisco VoIP Phones &ndash; A Hackers Perspective<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/07\/23\/watobo-the-unofficial-manual\/\">WATOBO &ndash; the unofficial manual<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/06\/16\/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube\/\">Exploit writing tutorial part 10 : Chaining DEP with ROP - the Rubik's[TM] Cube<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/04\/16\/blackhat-europe-2010-barcelona-day-10\/\">Blackhat Europe 2010 Barcelona - Day 10<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/04\/14\/blackhat-europe-2010-barcelona-day-1\/\">Blackhat Europe 2010 Barcelona - Day 01<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/27\/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion\/\">Exploiting Ken Ward Zipper : Taking advantage of payload conversion<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/22\/ken-ward-zipper-exploit-write-up-on-abysssec-com\/\">Ken Ward Zipper exploit write-up on abysssec.com<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/03\/15\/quickzip-exploit-article-part-2-released-on-offsec-blog\/\">QuickZip exploit article part 2 released on OffSec Blog<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/02\/25\/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding\/\">Exploit writing tutorial part 9 : Introduction to Win32 shellcoding<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/26\/starting-to-write-immunity-debugger-pycommands-my-cheatsheet\/\">Starting to write Immunity Debugger PyCommands : my cheatsheet<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/01\/09\/exploit-writing-tutorial-part-8-win32-egg-hunting\/\">Exploit writing tutorial part 8 : Win32 Egg Hunting<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/11\/06\/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc\/\">Exploit writing tutorial part 7 : Unicode - from 0x00410041 to calc<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/19\/fuzzing-with-metasploit-simple-ftp-fuzzer\/\">Fuzzing with Metasploit : Simple FTP fuzzer<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/09\/21\/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr\/\">Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/09\/05\/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development\/\">Exploit writing tutorial part 5 : How debugger modules &amp; plugins can speed up basic exploit development<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/08\/12\/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics\/\">Exploit writing tutorial part 4 : From Exploit to Metasploit - The basics<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/28\/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b\/\">Exploit writing tutorial part 3b : SEH Based Exploits - just another example<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/25\/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh\/\">Exploit writing tutorial part 3 : SEH Based Exploits<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/23\/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2\/\">Exploit writing tutorial part 2 : Stack Based Overflows - jumping to shellcode<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/19\/exploit-writing-tutorial-part-1-stack-based-overflows\/\">Exploit writing tutorial part 1 : Stack Based Overflows<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/12\/free-tool-find-where-ad-users-are-logged-on-into\/\">Free tool : Find out where your AD Users are logged on into<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/04\/10\/free-tool-windows-2008-certificate-authority-certificate-list-utility-for-pending-requests-and-about-to-expire-certificates\/\">Free tool : Windows 2003\/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/01\/30\/nessus-wrapper-for-ike-scan\/\">Nessus\/OpenVAS wrapper for ike-scan<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/07\/27\/free-tool-cisco-ironport-c350-safelist-blocklist-merge-utility\/\">Free Tool - Cisco Ironport C350 Safelist \/ Blocklist merge utility<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2008\/07\/21\/free-tool-attachment-filtering-with-exchange-2007-custom-transport-agent\/\">Free tool - Attachment filtering with Exchange 2007\/2010 (custom transport agent)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2007\/11\/18\/free-tool-pve-active-directory-disable-users\/\">Free tool &ndash; PVE Active Directory Disable Users<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_security-papers\">Papers<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/cheat-sheet-installing-snorby-2-2-with-apache2-and-suricata-with-barnyard2-on-ubuntu-10-x\/\">Cheat sheet : Installing Snorby 2.2 with Apache2 and Suricata with Barnyard2 on Ubuntu 10.x<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/07\/27\/cisco-voip-phones-a-hackers-perspective\/\">Cisco VoIP Phones &ndash; A Hackers Perspective<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/07\/23\/watobo-the-unofficial-manual\/\">WATOBO &ndash; the unofficial manual<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_tools-security\">Tools<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/02\/19\/deps-precise-heap-spray-on-firefox-and-ie10\/\">DEPS - Precise Heap Spray on Firefox and IE10<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/01\/18\/heap-layout-visualization-with-mona-py-and-windbg\/\">Heap Layout Visualization with mona.py and WinDBG<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_uncategorized\">Uncategorized<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/15\/blackhateu2013-day2-the-sandbox-roulette-are-you-ready-to-ramble\/\">BlackHatEU2013 - Day2 - The Sandbox Roulette: Are you ready to ramble<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2012\/02\/29\/debugging-fun-putting-a-process-to-sleep\/\">Debugging Fun - Putting a process to sleep()<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/11\/18\/wow64-egghunter\/\">WoW64 Egghunter<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/04\/03\/hitb-2011-ctf-reversing-vectored-exception-handling-veh\/\">HITB 2011 CTF - Reversing Vectored Exception Handling (VEH)<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/30\/honeynet-workshop-2011\/\">Honeynet Workshop 2011<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_video-security\">Video<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/03\/14\/codegate-2011-ctf-binary200-anti-debugging-techniques\/\">Codegate 2011 CTF - Binary200 - Anti Debugging Techniques Explained<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2011\/02\/27\/anti-debugging-tricks-revealed-defcon-ctf-qualifications-2009-bin300-analysis\/\">Anti-debugging tricks revealed - Defcon CTF Qualifications 2009: Bin300 Analysis<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_webapp-security\">Web Application Security<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2010\/07\/23\/watobo-the-unofficial-manual\/\">WATOBO &ndash; the unofficial manual<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_windows-internals\">Windows Internals<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2016\/07\/05\/windows-10-x86wow64-userland-heap\/\">Windows 10 x86\/wow64 Userland heap<\/a><\/li>\n\n\t\t\t\t<\/ul>\n\t\t\t\t\n\t\t\t\t<h3 id=\"cat_windows-server\">Windows Server<\/h3>\n\t\t\t\t<ul>\n\t\t\t<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/10\/23\/backup-restore-windows-server-based-print-servers\/\">Backup &amp; Restore Windows Server based Print Servers<\/a><\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/04\/10\/free-tool-windows-2008-certificate-authority-certificate-list-utility-for-pending-requests-and-about-to-expire-certificates\/\">Free tool : Windows 2003\/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates<\/a><\/li>\n\n\t\t\t<\/ul>\n\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Active Directory Free tool : Find out where your AD Users are logged on into Free tool &ndash; PVE Active Directory Disable Users Certificates Free tool : Windows 2003\/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates Cisco Cisco VoIP Phones &ndash; A Hackers Perspective Script to backup Cisco switches via telnet &hellip; <a href=\"https:\/\/www.corelan.be\/index.php\/articles\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \"Corelan Articles | Exploit Writing Tutorials &#038; Cybersecurity Insights\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"class_list":["post-11291","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Corelan Articles | Exploit Writing Tutorials &amp; Cybersecurity Insights - Corelan | Exploit Development &amp; Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/articles\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Corelan Articles | Exploit Writing Tutorials &amp; Cybersecurity Insights - Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"og:description\" content=\"Active Directory Free tool : Find out where your AD Users are logged on into Free tool &ndash; PVE Active Directory Disable Users Certificates Free tool : Windows 2003\/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates Cisco Cisco VoIP Phones &ndash; A Hackers Perspective Script to backup Cisco switches via telnet &hellip; Continue reading &quot;Corelan Articles | Exploit Writing Tutorials &#038; Cybersecurity Insights&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/articles\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-06T12:19:29+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/articles\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/articles\\\/\",\"name\":\"Corelan Articles | Exploit Writing Tutorials & Cybersecurity Insights - Corelan | Exploit Development &amp; Vulnerability Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"datePublished\":\"2026-03-05T20:30:09+00:00\",\"dateModified\":\"2026-03-06T12:19:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/articles\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/articles\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/articles\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Corelan Articles | Exploit Writing Tutorials &#038; Cybersecurity Insights\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Corelan Articles | Exploit Writing Tutorials & Cybersecurity Insights - Corelan | Exploit Development &amp; Vulnerability Research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/articles\/","og_locale":"en_US","og_type":"article","og_title":"Corelan Articles | Exploit Writing Tutorials & Cybersecurity Insights - Corelan | Exploit Development &amp; Vulnerability Research","og_description":"Active Directory Free tool : Find out where your AD Users are logged on into Free tool &ndash; PVE Active Directory Disable Users Certificates Free tool : Windows 2003\/2008 Certificate Authority Certificate List Utility for pending requests and about-to-expire certificates Cisco Cisco VoIP Phones &ndash; A Hackers Perspective Script to backup Cisco switches via telnet &hellip; Continue reading \"Corelan Articles | Exploit Writing Tutorials &#038; Cybersecurity Insights\"","og_url":"https:\/\/www.corelan.be\/index.php\/articles\/","og_site_name":"Corelan | Exploit Development &amp; Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_modified_time":"2026-03-06T12:19:29+00:00","twitter_card":"summary_large_image","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/articles\/","url":"https:\/\/www.corelan.be\/index.php\/articles\/","name":"Corelan Articles | Exploit Writing Tutorials & Cybersecurity Insights - Corelan | Exploit Development &amp; Vulnerability Research","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"datePublished":"2026-03-05T20:30:09+00:00","dateModified":"2026-03-06T12:19:29+00:00","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/articles\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/articles\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.corelan.be\/index.php\/articles\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"Corelan Articles | Exploit Writing Tutorials &#038; Cybersecurity Insights"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]}]}},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/pages\/11291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=11291"}],"version-history":[{"count":3,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/pages\/11291\/revisions"}],"predecessor-version":[{"id":11982,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/pages\/11291\/revisions\/11982"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=11291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}