A solution to an exercise in Corelan Tutorial 10 on writing DEP and ASLR bypassing exploits. The solution illustrates grabbing a leaked kernel32 address from memory, calculating an offset to VirtualProtect() and finally setting up a ROP chain to make a memory location with shellcode executable. Read more.
A solution to a small exercise in Corelan's Tutorial 9 on writing Windows 32-bit shellcode. The solution illustrates some techniques for removing null bytes from a sample shellcode as well as a few tricks to keep the shellcode modular and easy to modify. Read more.
A solution to the AIMP2 exercise at the end of the Exploit Writing Tutorial Part 7 by Corelan Team. The solution illustrates the exploitation of Unicode applications using Venetian shellcoding techniques. Read more.
A solution to the MP3 Studio exercise at the end of the Exploit Writing Tutorial Part 3b by Corelan Team. The solution illustrates a sample buffer overflow exploitation of a Windows application. Read more.
The Sprawl project has undergone another major overhaul. The new site is designed to enhance usability and security by using the Django framework as a foundation. Read more.
A product of my research into password cracking methods, PACK (Password Analysis and Cracking Kit) is a collection of several utilities to assist in statistical password analysis and generation of cracking rule sets. Read more.
I had an opportunity to participate in the "Crack me if you can" password cracking competition during this year's Defcon. It was a fun and educational experience. Using a couple of video cards, decent processors, as well as some research into password generation, I was able to place 4th in the contest. In this post you can learn more about the hardware, software and strategy used to crack about 25k passwords in two days. Read more.
My article on the Tor control protocol was published in the Winter 2009-2010 issue of the 2600 Magazine. Read more.
A review of Rice Tea, a fun cyberfiction novel by Julien McArdle. Read more.