corelan

Heap Layout Visualization with mona.py and WinDBG

Published January 18, 2013 |

Introduction Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime. We improved stability and performance, updated to pykd.pyd 0.2.0.14 and ported a few additional immlib methods to windbglib. I figured this would be a good […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits, mona, Tools | Tagged block, chunk, corelan, corelanc0d3r, debugger, heap, knowledgebase, layout, microsoft-windbg-heap, mona, mona-heap-find, mona-py-heap, mona-py-heap-find, mona-py-windbg, mona.py, plugin, pykd.pyd, segment, visualization, windbg

Happy New Year – here’s my special gift to you, corelanc0d3r

Published December 31, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

I’m not going to spend a lot of words on this. Facts speak for themselves. A short while ago, I discovered this: http://www.hackforums.net/showthread.php?tid=3031925 (you need to register to get access to the thread). Screenshot : idle-hands profile : Reputation I registered a useraccount “corelanc0d3r” and used the “Report” button, but for some reason my user […]

Posted in Exploit Writing Tutorials | Tagged a-gift-for-each-person-happy-new-year, copyright, corelan, corelan live, corelan team, corelan-be-happy-new-year-gift, corelan-win32-exploiting-bootcamp-download-pdftorrent, corelanc0d3r, corelanc0d3r-powershell-script, courseware, hackforums, happy-new-year-gift, happy-new-years-heres-my-special-gift-to-you, idle-hands, image-of-happy-new-year-to-my-special-one, my-special-gift, my-special-gift-to-you, selling, this-is-a-my-special-present, violation

Corelan T-Shirt contest – Derbycon 2012

Published August 5, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

If you didn’t register your ticket for the Corelan Live Exploit Development training at Derbycon 2012, then there is bad news for you… We’re sold out. Not all is lost though. For the second year in a row, Corelan Team is giving away one free ticket to the Corelan Live training at Derbycon 2012, which […]

Posted in Cons and Seminars | Tagged c0relan-exploit, core-lan, corelan, corelan team, corelan-8800, corelan-be, corelan-exploit-writing-tutorial, corelanteam, corelean-be, corlean-team, derbycon;t-shirt;design;contest;free ticket;training;corelan live;exploit development, exploit-development-corelan, exploit-tutorial-corelan, exploit-writing-peter, mona, mona-exploit, mona-exploit-tool, mona-py-manual, peter-exploit, www-google-pl

HITB2012AMS Day 1 – Window Shopping

Published May 24, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

Window Shopping: Browser Bugs Hunting in 2012 In the last talk of Day 1, Roberto Suggi Liverani and Scott Bell (not present during the presentation), security consultants at Security-Assessment.com, will share the results of some intensive browser bug hunting research, and will drop 5 0days. Roberto starts by apologizing about the fact that Scott was not […]

Posted in Cons and Seminars | Tagged 0day, amsterdam, browser, browser-bug-hunting, bug, corelan, corelan-be, documentation-of-window-shopping, exploit, firefox, hack in the box, heap spray, hitb, hitb2012ams-blog, in-heap-spraying-exploit-writing-tutorial-addattachments-didnt-crashing-the-application, maxthon, opera-xcs-bookmarks, Peter Van Eeckhoutte, uaf, use after free

HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest

Published May 24, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

One Flew Over The Cuckoos Nest – Automated Malware Analysis Claudio Guarnieri, senior researcher at iSight Partner, and part of the Shadowserver Foundation and the HoneyPot project. He works with malware on a daily basis, maintains malwr.com and is the main developer of the Cuckoo Sandbox, which is also the main topic of his talk. […]

Posted in Cons and Seminars | Tagged automated analysis, claudio guarnieri, corelan, cuckoo, cuckoo-sandbox-development, cuckoo-sandbox-submit-web-form, Exploits, google summer of code, hitb2012ams, honeynet, in-memory-execution-cuckoo-sandbox, magnificent7, malware, malwr-interface, malwr.com, python, rapid7, sandbox, virtualbox, web-interface-cuckoo-submit

HITB2012AMS Day 1 – Intro and Keynote

Published May 24, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

Introduction Good morning everyone, After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley, Roberto Suggi Liverani, Nicolas Grégoire, Andy Ellis, Didier Stevens, and some other folks, conference time has arrived. With the conference taking place […]

Posted in Cons and Seminars | Tagged adiosphpid, akamai, amsterdam, andy ellis, capabilities, corelan, download-immunity-debugger-exe-ollydbg, hack in the box, hack-in-the-box-amsterdam-2012-keynote, hack-in-the-box-amsterdam-2012-ppt, hitb, hitb-2012-keynote, hitb2012-merchandise, hitb2012ams, keynote, okura, poverty line, resources, security awareness, steven-seeley

Hack In The Box Amsterdam 2012 – Preview

Published May 17, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

In less than a week from now, Hack In The Box Amsterdam will open its 2012 edition. The conference will take place in the Okura Hotel, and features 3 days of training, 2 days of quad-track talks, a CTF and HackWEEKDAY, a 12 hour hackathon hosted alongside the actual confererence. The line-up looks promising…
Continue reading →

Posted in Cons and Seminars | Tagged amsterdam, amsterdam-caro, corelan, corlean-be, ctf, fp, hack in the box, hack-in-a-box, hack-in-the-box-amsterdam, hack-in-the-box-amsterdam-2012, hack-in-the-box-okura, hackweekday, hitb, hitb-2012, hitb-2012-amsterdam, hitb-amsterdam-2012, mona-manual, okura, scom-create-monitor-file-existence, steven-seeley-conference

Reversing 101 – Solving a protection scheme

Published May 14, 2012 |

By Corelan Team (fancy)

In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading →

Posted in Malware and Reversing | Tagged active-directory-schema-update-log, app17win-zip, breakpoint, challenge, corelan, corelan-be, corelan-be-ollydbg, corelen-be, crack, ctf, hackthissite, HTS, immunity debugger, keygen, ollydbg-tutorial-command-alt-f9, password, reverse engineering, reversing, reversing-challenge-2012, wargame

Debugging Fun – Putting a process to sleep()

Published February 29, 2012 |

By Corelan Team (Lincoln)

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials, Malware and Reversing, Uncategorized | Tagged cgi, corelan, corelan team, cve-2008-0532, debugger, entrypoint, f, function, fx, hook, immunity, isdebuggerpresent, jit, just in time, loop, pefile, python, rva, sleep, www-corelan-be

Exploit writing tutorial part 11 : Heap Spraying Demystified

Published December 31, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions.
Although there are a number of public exploits available that target IE8, the exact technique to do so has not been really documented in detail.
Of course, you can probably derive how it works by looking at those public exploits.

With this tutorial, I’m going to provide you with a full and detailed overview on what heap spraying is, and how to use it on old and newer platforms.
I’ll start with some “ancient” techniques (or classic techniques if you will) that can be used on IE6 and IE7.
We’ll also look at heap spraying for non-browser applications.
Next, we’ll talk about precision heap spraying, which is a requirement to make DEP bypass exploits work on IE8.
I’ll finish this tutorial with sharing some of my own research on getting reliable heap spraying to work on IE9.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials | Tagged 0c0c0c0c, actionscript, adobe, bmp, bstr, corelan, debugger, dep, exploit, exploit writing tutorial, firefox, freelists, gadget, gzip, heap, heapcreate, heaplib, image, immunity, internet explorer, javascript, lookasidelist, low fragmentation heap, metasploit, mona.py, moshe ben abu, pdf, pivot, return oriented programming, rop, ruby, sotirov, spray, string, substring, trancer, virtualalloc, vtable, windbg

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Heap Layout Visualization with mona.py and WinDBG

Happy New Year – here’s my special gift to you, corelanc0d3r

Corelan T-Shirt contest – Derbycon 2012

HITB2012AMS Day 1 – Window Shopping

HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest

HITB2012AMS Day 1 – Intro and Keynote

Hack In The Box Amsterdam 2012 – Preview

Reversing 101 – Solving a protection scheme

Debugging Fun – Putting a process to sleep()

Exploit writing tutorial part 11 : Heap Spraying Demystified

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!