{"id":9846,"date":"2013-03-14T13:16:17","date_gmt":"2013-03-14T12:16:17","guid":{"rendered":"https:\/\/www.corelan.be\/?p=9846"},"modified":"2026-03-23T07:17:28","modified_gmt":"2026-03-23T06:17:28","slug":"blackhateu2013-day1-hacking-appliances","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/","title":{"rendered":"BlackHatEU2013 - Day1 - Hacking Appliances"},"content":{"rendered":"<p>The second talk I'm attending today is presented by <a href=\"http:\/\/www.blackhat.com\/eu-13\/briefings.html#Williams\">Ben Williams<\/a>, who's going to talk about \"Ironic exploitation of security products\". He explains that, as a pentester\/researcher for NCC Group, he gets the chance to do fun pentests and break a lot of stuff. \u00a0In the past year, he was able to work on auditing various security appliances, more specifically the web interface of these products. \u00a0Most of the vulnerabilities were very easy to find, which is quite interesting because these appliances are supposed to protect us. \u00a0\u00a0We all assume these products are impregnable fortresses.<\/p>\n<p>Ben explains that he has looked at Email\/Web filtering appliances, Firewalls, gateways, UTMs, Remote Access systems and others (single sign-on products, etc) and found lots of bugs in most of these products. \u00a0Interestingly enough, some of these appliances were awarded as \"best products\" in the 2013 edition of SC Magazine.<\/p>\n<p>Some of these systems are very valuable to an attacker. \u00a0If a firewall is compromised, this is a big issue. In a lot of cases, these appliances sit at the perimeter of the network and have the management interface exposed to the internet as well. 
\u00a0Ben explains that the placement of these appliances in the network obviously impacts how easy it can be for an attacker to take advantage of a flaw.<\/p>\n<p>To demonstrate what can be found in some appliances, Ben starts by using a Sophos Email Appliance as an example. \u00a0He was fortunate enough to come across this appliance during a pentest and discovered that it had the admin UI exposed to the internet, as well as ports 22 and 25. \u00a0He used Burp Suite to look at the authentication process of the appliance and attempted to brute force the authentication. \u00a0He found the password and was able to log in. \u00a0By itself, this is not really an exploit, but it allowed him to continue to audit the appliance itself.<\/p>\n<p>A lot of appliances, Ben mentions, have default admin user accounts and passwords. \u00a0These appliances usually don't prevent brute forcing of accounts or enforce account lockout policies. \u00a0Usually, the device lacks password complexity requirements. \u00a0During his tests, he discovered that some appliances didn't even have proper logging\/alerting. \u00a0 In other words, even with a brute force attempt, attackers might have a good chance to get into the device, even if it takes days, weeks or months to find the password.<\/p>\n<p>After gaining access to the admin interface of the mail appliance, he found loads of additional issues, including XSS with session hijacking, CSRF issues, even OS command injection bugs. \u00a0Game over. \u00a0After all, with command injection, an attacker can not only get a shell, but he also gets access to all emails, even the ones that the admin can't see from the appliance UI. \u00a0On top of that, he might even be able to access the internal network from the appliance. 
\u00a0Going from a normal shell to root shell on this particular device was trivial.<\/p>\n<p>From an OS perspective, Ben explains, you can find old kernels, old packages, unnecessary packages, poor configurations and insecure proprietary access. \u00a0 Most vendors claim that their appliance is running a \"hardened\" Linux, but that doesn't seem to be true in some cases, he continues. \u00a0After all, he has found compilers\/debuggers, scripting languages, application managers, network sniffers and other tools such as nmap\/netcat on certain devices. \u00a0Some devices didn't have DEP\/ASLR enabled. \u00a0In any case, that's not what we would consider to be a \"hardened\" device. \u00a0If you can use a sniffer for example, you can simply read all emails on an email appliance and gain access to company secrets, extract passwords, etc. \u00a0 If such tools are not available, it might actually be possible to just download the package from the internet, compile it on the device and use it. \u00a0Ben demonstrated that he was able to ftp the nmap source into a device, compile it, and use it to map the internal network.<\/p>\n<p>The issues found in this particular device were reported to Sophos and got fixed in Jan 2013.<\/p>\n<p>The ironic thing about appliances is the fact that the mentioned vulnerabilities are fairly common. \u00a0 Almost all products he audited were prone to easy password attacks, had XSS with session hijacking bugs, allowed for password theft, ran a non-hardened OS (although vendors still claim otherwise) and had unauthenticated version disclosure. \u00a0The majority had CSRF of admin functions and\/or allowed OS command injection and privilege escalation.<\/p>\n<p>Several appliances had stored out-of-band XSS and OSRF bugs (for example, in emails), or even allowed direct authentication bypass. \u00a0 Some were very easy to DoS or had important SSH misconfigurations. 
\u00a0 In short, most of the OWASP top 10 issues were discovered on a variety of devices.<\/p>\n<p>Ben continues his talk by explaining he was able to find some issues in the Citrix Access Gateway. \u00a0He discovered that, after enabling SSH, and attempting to login to the device using \u00a0ssh admin@ip_address, the device was still asking for the username. \u00a0In fact, the login prompt was just a restricted shell, without password, then asking for another login. \u00a0By using the -L SSH parameter, he was able to set up port forwarding inside his SSH session, allowing him to gain access to the UI (which was not exposed to the internet). \u00a0By combining port forwarding settings, it would even be possible to attack hosts behind the gateway. \u00a0 As a secure Remote Access Gateway, this is definitely not wanted behaviour. This issue was fixed just a week ago. (CVE 2013-2263)<\/p>\n<p>Triggered by an issue he found in research from 2011, where he was able to own an email filtering product by using a malicious email, he decided to attack products by using traffic designed for the product. \u00a0He found out-of-band XSS and OSRF issues on 3 anti-spam products, allowing you to attack the users\/admins using a specially crafted spam email.<\/p>\n<p>On top of that, Ben found various issues with backup&amp;restore functionality present in some devices. \u00a0If you combine this functionality with a CSRF issue, you might be able to upload a manipulated backup file, apply it to the device (including your \"special\" configuration) and get a root shell. \u00a0After all, restoring a backup is a high-privilege operation on the device.\u00a0Ben looked at Symantec Email Appliance (9.5.x) for a couple of days and discovered Out-of-band stored XSS (delivered by email), XSS (reflective and stored) with session-hijacking, easy CSRF, SSH with a backdoor account + privilege escalation to root, and the ability for an authenticated attacker to modify the UI. 
\u00a0By combining various attacks (Out-of-band XSS + OSRF), he was able to upload a SUID binary and got a reverse root shell back from the appliance. As soon as the admin looks at the logs, the series of attacks was triggered and the shell was delivered.<\/p>\n<p>The Trend Micro InterScan Messaging Security Virtual Appliance was also found to be vulnerable to a series of bugs, allowing an attacker to collect passwords to the device by injecting scripts into the device using specially crafted email messages. To trigger the attack, the user simply needs to visit his spam quarantine page on the device. \u00a0The Trend Micro issues were reported in April 2012, but are still not fixed.<\/p>\n<p>Ben explains that, while doing this research, he also noticed that some vendors seem to be very cooperative in the process of handling reported vulnerabilities. Typical turnaround for fixes still appears to be 4 to 5 months, but most of them seem to care and actually fix the bugs. \u00a0After a bug gets fixed, the admins still need to apply the patches, which - we all know - doesn't always happen. \u00a0For vendors, Ben concludes, it's a good idea to increase efforts in terms of Secure Development Lifecycle, product security testing or just simple pentesting against their own devices.<\/p>\n<p>About 80 to 90% of the appliances Ben looked at, appeared to be vulnerable one way or another. \u00a0He received variable responses from vendors. Some bugs got fixed in 3 months, others have not been fixed.<\/p>\n<p>From an evolution point of view, companies tend to shift towards virtual appliances and cloud services. Vulnerabilities found in these services might affect ALL customers at once. 
After all, the UI needs to be accessible from the internet by design, which also allows the attacker to \"test\" the security without having to download software or buy an appliance himself.<\/p>\n<p>Ben finishes his talk by explaining that there were some rumours about backdoors that may or may not have been part of Huawei devices, and mentions \"why would you need a backdoor if the UI is vulnerable\".<\/p>\n<p>Finally, from a defence point of view, Ben stresses that you should avoid enabling the admin interface on an untrusted network and apply patches when they become available. \u00a0Using a different browser with a no script plugin might actually help avoid the abuse of XSS and CSRF issues. \u00a0Make sure only trusted IPs can access the devices (instead of all users) and change admin passwords.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The second talk I'm attending today is presented by Ben Williams, who's going to talk about \"Ironic exploitation of security products\". He explains that, as a pentester\/researcher for NCC Group, he gets the chance to do fun pentests and break a lot of stuff. 
\u00a0In the past year, he was able to work on auditing &hellip; <a href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \"BlackHatEU2013 - Day1 - Hacking Appliances\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2250],"tags":[3783,2681,262,261],"class_list":["post-9846","post","type-post","status-publish","format-standard","hentry","category-cons-seminars","tag-conference","tag-blackhat","tag-corelan-team","tag-corelan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BlackHatEU2013 - Day1 - Hacking Appliances - Corelan | Exploit Development &amp; Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BlackHatEU2013 - Day1 - Hacking Appliances - Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"og:description\" 
content=\"The second talk I&#039;m attending today is presented by Ben Williams, who&#039;s going to talk about &quot;Ironic exploitation of security products&quot;. He explains that, as a pentester\/researcher for NCC Group, he gets the chance to do fun pentests and break a lot of stuff. \u00a0In the past year, he was able to work on auditing &hellip; Continue reading &quot;BlackHatEU2013 - Day1 - Hacking Appliances&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2013-03-14T12:16:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-23T06:17:28+00:00\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"BlackHatEU2013 - Day1 - Hacking 
Appliances\",\"datePublished\":\"2013-03-14T12:16:17+00:00\",\"dateModified\":\"2026-03-23T06:17:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/\"},\"wordCount\":1490,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"keywords\":[\"conference\",\"blackhat\",\"corelan team\",\"corelan\"],\"articleSection\":[\"Cons and Seminars\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/\",\"name\":\"BlackHatEU2013 - Day1 - Hacking Appliances - Corelan | Exploit Development &amp; Vulnerability Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"datePublished\":\"2013-03-14T12:16:17+00:00\",\"dateModified\":\"2026-03-23T06:17:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/03\\\/14\\\/blackhateu2013-day1-hacking-appliances\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BlackHatEU2013 - Day1 - Hacking Appliances\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit 
development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity 
Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"BlackHatEU2013 - Day1 - Hacking Appliances - Corelan | Exploit Development &amp; Vulnerability Research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/","og_locale":"en_US","og_type":"article","og_title":"BlackHatEU2013 - Day1 - Hacking Appliances - Corelan | Exploit Development &amp; Vulnerability Research","og_description":"The second talk I'm attending today is presented by Ben Williams, who's going to talk about \"Ironic exploitation of security products\". He explains that, as a pentester\/researcher for NCC Group, he gets the chance to do fun pentests and break a lot of stuff. \u00a0In the past year, he was able to work on auditing &hellip; Continue reading \"BlackHatEU2013 - Day1 - Hacking Appliances\"","og_url":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/","og_site_name":"Corelan | Exploit Development &amp; Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_published_time":"2013-03-14T12:16:17+00:00","article_modified_time":"2026-03-23T06:17:28+00:00","author":"corelanc0d3r","twitter_card":"summary_large_image","twitter_creator":"@corelanc0d3r","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/#article","isPartOf":{"@id":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/"},"author":{"name":"corelanc0d3r","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f"},"headline":"BlackHatEU2013 - Day1 - Hacking 
Appliances","datePublished":"2013-03-14T12:16:17+00:00","dateModified":"2026-03-23T06:17:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/"},"wordCount":1490,"publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"keywords":["conference","blackhat","corelan team","corelan"],"articleSection":["Cons and Seminars"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/","url":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/","name":"BlackHatEU2013 - Day1 - Hacking Appliances - Corelan | Exploit Development &amp; Vulnerability Research","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"datePublished":"2013-03-14T12:16:17+00:00","dateModified":"2026-03-23T06:17:28+00:00","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.corelan.be\/index.php\/2013\/03\/14\/blackhateu2013-day1-hacking-appliances\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"BlackHatEU2013 - Day1 - Hacking Appliances"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals 
worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]},{"@type":"Person","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f","name":"corelanc0d3r","pronouns":"he\/him","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","caption":"corelanc0d3r"},"description":"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. 
With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.","sameAs":["https:\/\/www.corelan-training.com","https:\/\/instagram.com\/corelanc0d3r","https:\/\/www.linkedin.com\/in\/petervaneeckhoutte\/","https:\/\/x.com\/corelanc0d3r"],"url":"https:\/\/www.corelan.be\/index.php\/author\/admin0\/"}]}},"views":3783,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/9846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=9846"}],"version-history":[{"count":1,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/9846\/revisions"}],"predecessor-version":[{"id":17835,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/9846\/revisions\/17835"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=9846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=9846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=9846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}