Uncategorized

HITB2014AMS – Interview with Katie Moussouris

Published May 29, 2014 |

Hi all, I had the pleasure to meet with Katie Moussouris after her keynote at Hack In The Box. After the announcement that she has left Microsoft and now serves as Chief Policy Offer (CPO) at HackerOne. I wanted to ask her 2 questions about this new step in her carreer: Peter: Why HackerOne? Katie: […]

Posted in Uncategorized | Tagged amazon, bug bounty, corelan, corelan team, corelan-be, corelan-coder, corelean-software-exploit, corelean-team, corellan-be, crelan-be, hackerone, hitb2014ams, httpswww-corelan-be, httpswww-part-box-com, httpsyandex-ruclckjsredirfromyandex-rusearchweb, katie moussouris, platform, vcorelan, vulnerability disclosure, www-corelan-be

BlackHatEU2013 – Day2 – The Sandbox Roulette: Are you ready to ramble

Published March 15, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

Good morning friends, I’d like to welcome you back on this second day of BlackHat Europe 2013. Day 1 has been pretty interesting, so let’s see how day 2 goes (especially after Rapid7 and IOActive parties last night). I think there is no better way of starting the second day at a conference with – […]

Posted in Cons and Seminars, Uncategorized | Tagged 2013, blackhat, blackhat europe, buffer zone pro, bug-the-sandbox, cve-2012-0217, day-2-the-sandbox-user, escape, ms11-087, MS12-042, rafal wojtczuk, rahul kashyap, sand-box-day-2, sandbox, sandboxie, smep-bypass, sysret.exe, the-sandbox-day-2, the-sandbox-user-created-day-2, windows-kernel-font-fuzzing

Debugging Fun – Putting a process to sleep()

Published February 29, 2012 |

By Corelan Team (Lincoln)

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials, Malware and Reversing, Uncategorized | Tagged cgi, corelan, corelan team, cve-2008-0532, debugger, entrypoint, f, function, fx, hook, immunity, isdebuggerpresent, jit, just in time, loop, pefile, python, rva, sleep, www-corelan-be

WoW64 Egghunter

Published November 18, 2011 |

By Corelan Team (Lincoln)

Traditional Egghunter An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter when there is no more room in our buffer that we can use to initially redirect EIP to. If we are able to load our shellcode elsewhere in process memory, the Egghunter will […]

Posted in 001_Security, Exploit Writing Tutorials, Uncategorized | Tagged 32bit, 64bit, access violation, dep, egg, egghunter, fs, hunter, int2, interrupt, matt miller, metasploit, nasm, ntaccesscheckandauditalarm, omelet, shellcode, skape, syscall, sysenter, tag, teb, virtualalloc, virtualprotect, w00t, wow64

Mona 1.0 released !

Published June 16, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

FINALLY !
After spending almost 6 months of designing, developing and testing, and after ‘surviving’ 2 presentations (at AthCon and Hack In Paris), I am extremely excited and proud to present, on behalf of the entire Corelan Team, the general availability of mona.py.

With this announcement, we also declare pvefindaddr officially dead from this point forward. (This doesn’t mean pvefindaddr is now entirely worthless, because not all functions have been ported into mona yet, but we won’t be releasing any updates to pvefindaddr anymore and the entire project page/download page will eventually disappear)
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials, Exploits, Uncategorized | Tagged eip, exploit, gadget, immunity, immunity debugger, immunitydbg-mona-example, immunitydbg-search-for-rop, mona, mona-corelan, mona-corelan-bad-characters, mona-download, mona-py-search-for-pointers, mona-py-youku, mona.py, monapy, pvefindaddr, pycommand, return oriented programming, rop, rop automation

HITB 2011 CTF – Reversing Vectored Exception Handling (VEH)

Published April 3, 2011 |

By Corelan Team (fancy)

Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011. This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge…
Continue reading →

Posted in 001_Security, Malware and Reversing, Uncategorized | Tagged -exploit-handler-part-6-1, 2011-hitb, corelan, ctf, ctf-hitb, ctf-reversing-unsolved-binaries, debug, exception, fancy, handler, hitb, hitb-2011, hitb-2011-ctf, hitb-2011-schedule, reversing-ctf, vectored, vectored-exception-handling, vectored-exception-handling-exploiting, vectoredexceptionhandle, veh

Honeynet Workshop 2011

Published March 30, 2011 |

By Corelan Team (ekse)

March 21th I was in Paris for the annual Honeynet Workshop. For the first time this year there was a conference day accessible to the general public. Moreover, I didn’t have to pay the registration fee since I successfully completed one of the Honeynet Forensics challenges. The day was split in 4 sessions and had talks covering the Honeynet projects, malware, and ethical and legal considerations of tracking botnets and eventual take-downs.
Continue reading →

Posted in 001_Security, Cons and Seminars, Malware and Reversing, Uncategorized | Tagged 2011, angeloa dell'area, bayesian, bytecode, capture-hpc, christian seifert, ctf, david watson, dionanea, ekse, form grabbing, georg wicherski, glastopf, google, honeyclient, honeynet, honeypot, lance james, libscizzle, lukas rist, malicous, malware, multicap, nepenthes, oxff, packet, phoneyc, python, qemu, reassemble, sandbox, sebek, sniffing, spidermonkey, spyeye, streams, summer of code, tillman werner, vmware, wireshark, workshop, zeus

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

HITB2014AMS – Interview with Katie Moussouris

BlackHatEU2013 – Day2 – The Sandbox Roulette: Are you ready to ramble

Debugging Fun – Putting a process to sleep()

WoW64 Egghunter

Mona 1.0 released !

HITB 2011 CTF – Reversing Vectored Exception Handling (VEH)

Honeynet Workshop 2011

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!