corelanc0d3r

Heap Layout Visualization with mona.py and WinDBG

Published January 18, 2013 |

Introduction Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime. We improved stability and performance, updated to pykd.pyd 0.2.0.14 and ported a few additional immlib methods to windbglib. I figured this would be a good […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits, mona, Tools | Tagged block, chunk, corelan, corelanc0d3r, debugger, heap, knowledgebase, layout, microsoft-windbg-heap, mona, mona-heap-find, mona-py-heap, mona-py-heap-find, mona-py-windbg, mona.py, plugin, pykd.pyd, segment, visualization, windbg

Happy New Year – here’s my special gift to you, corelanc0d3r

Published December 31, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

I’m not going to spend a lot of words on this. Facts speak for themselves. A short while ago, I discovered this: http://www.hackforums.net/showthread.php?tid=3031925 (you need to register to get access to the thread). Screenshot : idle-hands profile : Reputation I registered a useraccount “corelanc0d3r” and used the “Report” button, but for some reason my user […]

Posted in Exploit Writing Tutorials | Tagged a-gift-for-each-person-happy-new-year, copyright, corelan, corelan live, corelan team, corelan-be-happy-new-year-gift, corelan-win32-exploiting-bootcamp-download-pdftorrent, corelanc0d3r, corelanc0d3r-powershell-script, courseware, hackforums, happy-new-year-gift, happy-new-years-heres-my-special-gift-to-you, idle-hands, image-of-happy-new-year-to-my-special-one, my-special-gift, my-special-gift-to-you, selling, this-is-a-my-special-present, violation

mona.py – the manual

Published July 14, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

This document describes the various commands, functionality and behaviour of mona.py.

Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials | Tagged automation, corelan, corelanc0d3r, documentation, exploit, exploit development, immunity, immunity debugger, metasploit, mona, mona.py, pattern, plugin, pycommand, python, rapid7, rop, rop automation, rop gadget, suggest

corelanc0d3r interviewed by Slo-Tech

Published May 10, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

Introduction: We continue our series of interviews with a slightly »unusual« talk this time: Peter Van Eeckhoutte may be unknown to readers who don’t follow the InfoSec scene on a daily basis. But he is well known to the international security community and his name is climbing fast on the list of top security researchers. He’s […]

Posted in 001_Security, Private | Tagged corelanc0d3r, interview, mona-switcher-slo-tech, Peter Van Eeckhoutte, slo-tech, slotech-international

corelanc0d3r interviewed by CubilFelino Security Research Labs

Published April 20, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

Hi all, Just wanted to drop a few words about that fact that I have been interview by chr1x (, the maintainer of CubilFelino Security Research Labs (sectester.net). You can read the entire interview here : http://chr1x.sectester.net/corelanc0d3r.php If you have any questions, want to share your thoughts or comments, please use the comments form at […]

Posted in Private | Tagged chr1x, corelan-heap-spray, corelan-labs, corelanc0d3r, corelanc0d3r-interview, cubilfelino, cubilfelino-security-research, cubilfelino-security-research-lab, interview, odf-peter-van-eeckhoutte-from-the-corelan-team-on-the-first-half-of-his-presentation, ssh-key-with-pin

QuickZip Stack BOF 0day: a box of chocolates

Published March 27, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

Over the last couple of weeks, ever since I published 2 articles on the Offensive Blog, I have received many requests from people asking me if they could get a copy of those articles in pdf format. My blog does not include a pdf generator, but it has a “print” button, so you can get […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged 0day, 0day-cisco, character set, corelan-quickzip, corelan-safeseh, corelanc0d3r, decoder, encoder, esp-ebp, filename, limitation, memory-heap-stack-esp-ebp, metasploit-cyclic-pattern, Peter Van Eeckhoutte, quickzip, seh, stack-esp-ebp, try harder, windbg-wscr-scripts, zip

corelanc0d3r featured on Offensive Security Blog

Published March 7, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

A few moments ago I published a detailed write-up, explaining the steps I took to build a 0day exploit for a zip file handling bug in QuickZip, on the Offensive Security blog. You can read the article here : http://www.offensive-security.com/blog/vulndev/quickzip-stack-bof-0day-a-box-of-chocolates/

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged 0day, corelanc0d3r, corelanc0d3r-exploit, corelanc0d3r-exploit-writing-tutorial, corelanc0d3r-tutorial, corelanc0d3rs-exploit-dev-cheat-sheet, corelanc0d3rs-exploit-dev-cheatsheet, corlanc0d3r, exploit, how-strong-is-your-fu-writeup-corelan, offensive security, offensive-security-article, offensive-security-seh, offensive-security-tutorial, offensive-security-tutorials, offsec, offsec-blogspot, quickzip, seh, tutorial-offensive-security-forum

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Heap Layout Visualization with mona.py and WinDBG

Happy New Year – here’s my special gift to you, corelanc0d3r

mona.py – the manual

corelanc0d3r interviewed by Slo-Tech

corelanc0d3r interviewed by CubilFelino Security Research Labs

QuickZip Stack BOF 0day: a box of chocolates

corelanc0d3r featured on Offensive Security Blog

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!