{"id":9843,"date":"2013-03-14T11:31:07","date_gmt":"2013-03-14T10:31:07","guid":{"rendered":"https:\/\/www.corelan.be\/?p=9843"},"modified":"2013-03-14T11:31:07","modified_gmt":"2013-03-14T10:31:07","slug":"blackhateu2013-day1-practical-attacks-against-mdm-solutions","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-practical-attacks-against-mdm-solutions\/","title":{"rendered":"BlackHatEU2013 - Day1 - Practical Attacks against MDM solutions"},"content":{"rendered":"<p>Good morning everyone,<\/p>\n<p>Welcome to BlackHat Europe 2013 ! \u00a0As announced in <a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/10\/black-hat-europe-2013-preview\/\">my post a couple of days ago<\/a>, I'll try to post short write-ups about some of the talks right after the presentation has finished. \u00a0All you have to do is keep an eye on my <a href=\"https:\/\/www.twitter.com\/corelanc0d3r\">Twitter<\/a>\u00a0feed to see when a new post is available.<\/p>\n<p>After enjoying breakfast with <a href=\"https:\/\/www.twitter.com\/wimremes\">@wimremes<\/a>, @<a href=\"https:\/\/www.twitter.com\/xme\">xme<\/a>, @<a href=\"https:\/\/www.twitter.com\/chrisjohnriley\">chrisjohnriley<\/a>, @<a href=\"https:\/\/www.twitter.com\/halvarflake\">halvarflake<\/a>, @<a href=\"https:\/\/www.twitter.com\/botherder\">botherder<\/a>, @<a href=\"https:\/\/www.twitter.com\/repmovsb\">repmovsb<\/a>, <a href=\"https:\/\/twitter.com\/dookie2000ca\">@dookie<\/a>, <a href=\"https:\/\/twitter.com\/offsectraining\">muts<\/a> and some others (sorry if I forgot to mention your twitter handle), it's time for work. \u00a0 (Yes, attending conferences is not just talks in between the parties\u2026 it is hard work ! \ud83d\ude42 )<\/p>\n<p>Before we begin, I would like to congratulate Offensive Security on the release of Kali Linux, the successor of BackTrack Linux. 
Check it out at <a href=\"http:\/\/www.kali.org\/\">http:\/\/www.kali.org\/<\/a>\u00a0!<\/p>\n<p>The first session that I'm attending today is called \"Practical Attacks against MDM solutions\", presented by <a href=\"http:\/\/www.blackhat.com\/eu-13\/briefings.html#Brodie\">Daniel Brodie and Michael Shaulov<\/a>\u00a0from Lacoon Mobile Security.<\/p>\n<p>Daniel has been a researcher for almost a decade (PC \/ Mobile) and has been working on developing a dynamic analysis framework for malware on mobile devices. \u00a0Michael is the CEO \/ co-founder of Lacoon and has done lots of research on feature-phones and smartphones.<\/p>\n<h3>Introduction<\/h3>\n<p>An MDM is a policy &amp; configuration tool that helps enterprises manage BYOD and corporate mobile devices. In most cases, it allows separation of business vs private data on these devices by using multiple containers. \u00a0Gartner states that in the next few years, 65% of enterprises will be using MDM solutions to manage their devices.<\/p>\n<p>Key capabilities of an MDM solution include software management, network service management, hardware management and security management (remote wipe, enforce configurations and encryption, if the operating system allows this). \u00a0Most of these tools allow you to detect if the device is jailbroken or not. \u00a0MobileIron\/AirWatch\/FiberLink\/Zenprise\/Good Technologies are some companies that offer MDM solutions. \u00a0Good Technologies was the company that introduced the use of secure containers, Michael says.<\/p>\n<p>Secure containers are just normal applications on the device. They are designed to secure communications between the device and the company, and also provide encrypted storage (acting as some kind of sandbox, using default OS capabilities).<\/p>\n<h3>Rise of the Spyphones (RAT - Remote Access\/Admin Tools)<\/h3>\n<p>Daniel explains that these secure containers attempt to protect against malware which would turn your device into a spyphone. 
RAT malware either targets personal data or has financial motives. \u00a0 Mobile devices are a great target because they contain contacts, email and corporate information.<\/p>\n<p>Malware capabilities include eavesdropping &amp; surround recording, location tracking, extracting call\/text logs, accessing the company LAN via VPN, etc. \u00a0FinSpy, DaVinci RCS, LuckyCat and Leo Impact are some examples of malware tools. \u00a0Some of them start at 4,99$ per month, and are available for iOS, Android, BlackBerry, Windows, Symbian etc. Some of them even come with professional support and are very user-friendly. \u00a0\"So simple even your mother can use them\".\u00a0The difference between the high-end and low-end tools is mostly related to the infection vector. \u00a0High-end tools often use 0day vulnerabilities, while the cheaper ones use older bugs.<\/p>\n<p>To see how popular these tools are, Daniel continues, they partnered with worldwide cellular network providers and sampled 250K subscribers. \u00a0They discovered that in March of 2012, one out of 3000 devices was infected. In October, this number increased to 1 out of 1000 devices, which is an alarming trend. \u00a0 The majority of the infections were found on iOS (52%), in a market that is dominated by Android (51%).<\/p>\n<p>Nobody seems to worry about this, because \"we have a secure container\" right ?<\/p>\n<h3>Bypassing secure container encryption capabilities<\/h3>\n<p>Secure containers attempt to detect jailbreaking and the installation of rogue applications, and encrypt data. \u00a0All of this is based on functionality provided by the OS. \u00a0Most jailbreaking\/rooting detection mechanisms are based on publicly known routines. They usually check for the presence of Cydia\/SU, but they don't try to detect the actual exploitation. 
\u00a0If someone is using a custom exploit, the jailbreak detection technique may not work.<\/p>\n<p>The mechanisms to prevent the installation of malicious applications have been bypassed in certain cases, so this is not a foolproof protection feature either.<\/p>\n<p>Michael and Daniel continue by demonstrating how the secure container on Android can be bypassed. \u00a0The technique is based on the Exynos exploit (released in December 2012), hidden inside a rogue application (pretending to be a little\/free game or something like that), which installs a rogue daemon running in the background. In the demo, Daniel shows that, by listening to the event log, this service was able to grab the contents of corporate emails and send them to the C&amp;C server. \u00a0 By then accessing the heap (\/proc\/&lt;pid&gt;\/maps and \/mem), they could extract the email contents and send them to the attacker.<\/p>\n<p>On iOS, equipped with the Good Technologies MDM solution, they were also successful at stealing emails that were supposed to be protected by the secure container. \u00a0To get the attack to work, the malicious application needs to be installed first. This either requires a jailbroken device, or a signed application that will perform the jailbreak and then hide it. \u00a0The technique for iOS first loads the malicious dylib into memory (it's signed - but this is increasingly difficult to do nowadays). \u00a0The application was changed using Mach-O editing techniques (using scripts that allow you to re-sign the application).\u00a0Then, hooks are placed using standard Objective-C mechanisms (Objc_setImplementation). These hooks are designed to extract email content from the data passed to the function, send it home, and then call the original function.<\/p>\n<p>Daniel stresses that both attacks demonstrated were not targeted against Good in any way. 
The exploits are generic and should work against multiple products.<\/p>\n<p>In any case, secure containers rely on the integrity of the host system. \u00a0If it's already compromised, the secure container is no longer secure. \u00a0If the host system is not compromised\u2026 the secure container doesn't really provide added value to the end user.<\/p>\n<h3>Conclusions<\/h3>\n<p>Infection is inevitable, Michael explains. \u00a0MDM provides management, but not security. MDM solutions allow you to separate private data from business data and allow you to wipe the enterprise part of the devices, or provide \"copy\/paste\" Data Loss Prevention, but that's about it.<\/p>\n<p>An MDM can act as a baseline defence for a multi-layer approach, not as a sole security layer. \u00a0Additional protection on the network layer may be required to further secure the devices (IDS\/IPS on the network, force the use of VPN, etc). \u00a0Michael also explains that most antivirus products are also limited by the sandbox, so they can't really do proper hooks. \u00a0Most AVs use signature-based detection and fail at properly detecting malware. \u00a0In fact, since some of these RAT tools claim to be legitimate applications (so you can spy on your kids etc), they are simply whitelisted by certain AV products.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Good morning everyone, Welcome to BlackHat Europe 2013 ! \u00a0As announced in my post a couple of days ago, I'll try to post short write-ups about some of the talks right after the presentation has finished. 
\u00a0All you have to do is keep an eye on my Twitter\u00a0feed to see when a new post is &hellip;<\/p>\n","protected":false},"author":1,"format":"standard","categories":[2250],"tags":[2681,1824,261],"class_list":["post-9843","post","type-post","status-publish","format-standard","hentry","category-cons-seminars","tag-blackhat","tag-metasploit","tag-corelan"],"yoast_head_json":{"author":"corelanc0d3r","article_published_time":"2013-03-14T10:31:07+00:00","canonical":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-practical-attacks-against-mdm-solutions\/"}}