• researchlatest

    nlxx crackme solution has a nice of collection crackmes, fun and educational challenges useful for honing your reversing skills. Looking at the latest submissions section there was a recently published Crackme by nlxx rated at difficulty 2. In this guide I will go over the static analysis based solution to this crackme and explain how to write a key generator. Read more.

    open security training - introductory x86 - buffer overflow mystery box

    A walkthrough for the Mystery Box Buffer Overflow challenge in the Open Security Training - Introductory x86 class. Read more.

    automatic password rule analysis and generation

    The field of password cracking has evolved by leaps an bounds over the last decade with the introduction of new cracking techniques, more advanced software and significantly faster hardware. One area which I find most fascinating is rule-based cracking. An attacker can develop a set of word mangling rules (e.g. substitute all 'a's to '@'s, upper-case every third letter, etc.) in order to attack non-random passwords which use slightly modified dictionary words. The purpose of this research is to develop an automated method of analyzing a large body of leaked passwords in order to come up with a list of frequently used words and rules to make up passwords. Read more.

    ios data interception

    Network traffic analysis is an important ingredient of a good iOS app pentest. The article covers several common approaches to iOS specific data interception such as network proxying, defeating network encryption, traffic injection and others. Read more.

    writing nmap nse scripts for vulnerability scanning

    The article discusses capabilities and application of Nmap Scripting Engine for the purpose of vulnerability scanning. By adapting code snippets covered here, you will be able to quickly develop, scan and generate reports for new vulnerabilities without waiting for mainstream scanners. Read more.

    corelan - tutorial 10 - exercise solution

    A solution to an exercise in Corelan Tutorial 10 on writing DEP and ASLR bypassing exploits. The solution illustrates grabbing leaked kernel32 address from memory, calculating an offset to VirtualProtect() and at last setting up a ROP chain to make a memory location with shellcode executable. Read more.

    corelan - tutorial 9 - exercise solution

    A solution to a small exercise in Corelan's Tutorial 9 on writing Windows 32-bit shellcode. The solution illustrates some techniques in removing null-bytes from a sample shellcode as well as a few tricks to keep the shellcode modular and easy to modify. Read more.

    corelan - tutorial 7 - exercise solution

    A solution to the AIMP2 exercise at the end of the Exploit Writing Tutorial Part 7 by Corelan Team. The solution illustrates a exploitation of Unicode applications using Venetian shellcoding techniques. Read more.

    getting from seh to nseh

    A collection of techniques on Windows SEH exploitation. Specifically the article covers methods of reliable exploit development by getting from a successfully overwritten pointer to Exception Handler (SEH) to the pointer to the Next Exception Handler (NSEH) struct. Read more.

    corelan - tutorial 3b - exercise solution

    A solution to the MP3 Studio exercise at the end of the Exploit Writing Tutorial Part 3b by Corelan Team. The solution illustrates a sample buffer overflow exploitation of a Windows application. Read more.