asm

Windows 10 egghunter (wow64) and more

Published April 23, 2019 |

Introduction Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn’t mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I believe it’s a good practise to try to avoid egghunters if you can, as they tend to […]

Posted in Exploit Writing Tutorials, Exploits | Tagged asm, assembly, corelan-tutorial, egg, egghunter, exception handling, getpc, httpslnkd-indhauzer, nasm, ntaccesscheckandauditalarm, pentester, seh, shellcode, structured exception handler, syscall, tools-mail, w00t, w00tw00t, windows 10, wow64

Metasploit Bounty – the Good, the Bad and the Ugly

Published July 27, 2011 |

By Corelan Team (Lincoln)

On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled “30 exploits, $5000 in 5 weeks”, a post on the Rapid7 blog lists the 30 “bounties” selected by the MSF team, waiting for someone to claim and submit a working exploit module.
Continue reading →

Posted in 001_Security, Exploits | Tagged advapi32.dll, aslr, asm, auriemma, bounty, carchive, cash, challenge, contest, debugger, dep, egg, egghunter, exploit, fix, genbroker, genclient, genesis, hd moore, heap, hmi, iat, iconics, immunity, incentive, integer, luigi, malloc, metasploit, meterpreter, mfc71u.dll, migrate, mona.py, ntsetinformationprocess, opcode, overflow, payload, peb, rop, rop.txt, ropfunc, scada, serialization, spray, stage, unicode, venetian, vtable, w00tw00t, windbg

Exploit writing tutorial part 9 : Introduction to Win32 shellcoding

Published February 25, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

Over the last couple of months, I have written a set of tutorials about building exploits that target the Windows stack. One of the primary goals of anyone writing an exploit is to modify the normal execution flow of the application and trigger the application to run arbitrary code… code that is injected by the […]

Posted in 001_Security, Exploit Writing Tutorials | Tagged asm, assembly, bad chars, beta3, bits 32, bytecode, calc, charset limitation, decoder, encoder, ExitFunc, ExitProcess, ExitThread, exploit, exploit writing, find function, fstenv, fstenv_mov, GetProcess, hash, intel, introduction win, kernel32, loadlibraryA, loopd, MessageBoxA, metasploit, nasm, null bytes, opcode, part introduction, peb, pvefindaddr, pvereadbin.pl, pvewritebin.pl, seh, shellcode, shikata_ga_nai, skylined, topstack, tutorial part, user32, w32-testival, win shellcoding, win32, WinExec, writing, writing tutorial, x86

Exploit writing tutorial part 8 : Win32 Egg Hunting

Published January 9, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

Introduction Easter is still far away, so this is probably the right time to talk about ways to hunting for eggs (so you would be prepared when the easter bunny brings you another 0day vulnerability) In the first parts of this exploit writing tutorial series, we have talked about stack based overflows and how they […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged alpha2, alpha3, alphanumeric, asm, bad char, custom encoder, direct ret, egg, eip, encode, exploit, exploit writing, find shellcode, hunter, hunting, immunity, inject, isbadreadptr, marker, memory, metasploit, nasm, nop, ntdisplaystring, omelet, pvefindaddr, search, seh, shellcode, skape, skylined, small buffer, staged, tag, trampoline, tutorial, unicode, venetian, win32, win32_seh_omelet

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Windows 10 egghunter (wow64) and more

Metasploit Bounty – the Good, the Bad and the Ugly

Exploit writing tutorial part 9 : Introduction to Win32 shellcoding

Exploit writing tutorial part 8 : Win32 Egg Hunting

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!