THE

SPRAWL

  •  
  •  
  •  
  • sprawlsimilar

    corelan - tutorial 3b - exercise solution

    A solution to the MP3 Studio exercise at the end of the Exploit Writing Tutorial Part 3b by Corelan Team. The solution illustrates a sample buffer overflow exploitation of a Windows application. Read more.

    01 oct
    2014
    exodus - vuln-dev - master class

    A few weeks ago I had a great pleasure of studying at a week-long training taught by Exodus Intelligence. The Vulnerability Development - Master Class was taught by Aaron Portnoy, Zef Cekaj, and Peter Vreugdenhil. The class had an excellent presentation of two complementary yet unique subjects of vulnerability discovery and exploit development primarily under Windows environment. The instructors are truly masters of their field which was reflected in the great quality and depth of the material.

    While it is still fresh in my mind, I would like to share with you some of the notes on the covered subjects, the recommended prerequisites, and tips on how to get the most out of this very intensive training. Read more.

    corelan - tutorial 9 - exercise solution

    A solution to a small exercise in Corelan's Tutorial 9 on writing Windows 32-bit shellcode. The solution illustrates some techniques in removing null-bytes from a sample shellcode as well as a few tricks to keep the shellcode modular and easy to modify. Read more.

    hackers 95

    Hackers 95 is an independent documentary by Phone-E and RF Burns shot during the summer of 1995. The documentary covers hacker happenings during that summer including Summercon and Defcon III. There are plenty of interviews and random clips from these two conferences. The documentary also includes a separate segment on Area 51 as well as a Secret Service press release on Operation Cybersnare. Read more.

    corelan - tutorial 10 - exercise solution

    A solution to an exercise in Corelan Tutorial 10 on writing DEP and ASLR bypassing exploits. The solution illustrates grabbing leaked kernel32 address from memory, calculating an offset to VirtualProtect() and at last setting up a ROP chain to make a memory location with shellcode executable. Read more.

    exploit exercises - protostar - stack levels

    Exploit Exercises' Protostar wargame includes a number of carefully prepared exercises to help hone your basic exploitation skills. In this walkthrough I will go over the stack exploitation portion of the wargame. Read more.

    exploit exercises - protostar - format string levels

    Exploit Exercises' Protostar wargame includes a number of carefully prepared exercises to help hone your basic exploitation skills. In this walkthrough I will go over the format string exploitation portion of the wargame. Read more.

    heap overflows for humans - 102 - exercise solution

    Heap Overflows For Humans is a series of articles by Steven Seeley that explore heap exploitation on Windows. In this article I will go over the exact reasoning and exploitation steps for an exercise created by Steven in the second article of the series. Read more.

    exploit exercises - protostar - final levels

    Exploit Exercises' Protostar wargame includes a number of carefully prepared exercises to help hone your basic exploitation skills. The final portion of the wargame combines Stack, Format String, Heap, and Network exploitation techniques into three excellent challenges to help solidify knowledge gained from previous exercises. Read more.

    ida sploiter

    Download idasploiter-1.0.zip
    Size 25.4 KB
    DateSeptember 14th, 2014
    Version1.0

    IDA Sploiter is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool. Some of the plugin's features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others. Read more.



    π
    ///\oo/\\\