Windows 10 egghunter (wow64) and more
Introduction Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn’t mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I believe it’s a good practise to try to avoid egghunters if you can, as they tend to […]
Windows 10 x86/wow64 Userland heap
Introduction Hi all, Over the course of the past few weeks ago, I received a number of “emergency” calls from some relatives, asking me to look at their computer because “things were broken”, “things looked different” and “I think my computer got hacked”. I quickly realized that their computers got upgraded to Windows 10. We […]
Crypto in the box, stone age edition
Introduction First of all, Happy New Year to everyone! I hope 2016 will be a fantastic and healthy year, filled with fun, joy, energy, and lots of pleasant surprises. I remember when all of my data would fit on a single floppy disk. 10 times. The first laptops looked like (and felt like) mainframes on […]
How to become a pentester
Intro I receive a lot of emails. (Please don’t make it worse, thanks!) Unfortunately I don’t have as much spare time as I used to, or would like to, so I often have no other choice than to redirect questions to our forums or our IRC channel (#corelan on freenode), hoping that other members […]
Analyzing heap objects with mona.py
Introduction Hi all, While preparing for my Advanced exploit dev course at Derbycon, I’ve been playing with heap allocation primitives in IE. One of the things that causes some frustration (or, at least, tends to slow me down during the research) is the ability to quickly identify objects that may be useful. After all, I’m […]
CSO : Common Sense Operator/Operations
As the CSO/CISO/person responsible for Information Security, your job is to… well … do you even know? Does upper management know? “Our crappy CSO …” and “Our stupid CSO …” are statements commonly used by various (techie) people, throwing their hands up in despair, attempting to prove that their CSO doesn’t understand technology and has […]
HITB2014AMS – Day 2 – On Her Majesty’s Secret Service: GRX & A Spy Agency
Last year, Belgacom got hacked by an intelligence service (GCHQ?), Rob says. “What is so interesting about this hack, why did they hack into Belgacom, what would or could be the purpose of a similar hack?” Before answering those questions, we need to take a quick look on how mobile networks work and how mobile […]
HITB2014AMS – Day 2 – Keynote 4: Hack It Forward
Good morning Amsterdam, good morning readers, welcome to the second day of the Hack In The Box conference. The speaker for the first keynote didn’t show up, so we’ll jump right into the next keynote. Jennifer starts her keynote by explaining that she’s fortunate to be able to travel to a lot of conferences and […]
HITB2014AMS – Day 2 – Exploring and Exploiting iOS Web Browsers
iOS Browsers & UIWebview iOS is very popular (according to StatCounter, it’s the 3rd most popular platform used). Mobile browsers take about 20% to 25% of the market share. iOS offers integration with desktop browsers and cloud (so the same data is available to an attacker). Many 3rd party IOS browsers have similar weaknesses which […]