A solution to the AIMP2 exercise at the end of the Exploit Writing Tutorial Part 7 by Corelan Team. The solution illustrates a exploitation of Unicode applications using Venetian shellcoding techniques. Read more.
A solution to the MP3 Studio exercise at the end of the Exploit Writing Tutorial Part 3b by Corelan Team. The solution illustrates a sample buffer overflow exploitation of a Windows application. Read more.
The Sprawl project has undergone another major overhaul. The new site is designed to enhance usability and security by using the Django framework as a foundation. Read more.
A product of my research into password cracking methods, PACK (Password Analysis and Cracking Kit) is a collection of several utilities to assist in statistical password analysis and generation of cracking rule sets. Read more.
I had an opportunity to participate in the "Crack me if you can" password cracking competition during this year's Defcon. It was a fun and educational experience. Using a couple of video cards, decent processors as well as some research into password generation I was able to place 4th in the contest. In this post you can learn more about hardware, software and strategy used to crack about 25k passwords in two days. Read more.
My article on the Tor control protocol was published in the Winter 2009-2010 issue of the 2600 Magazine. Read more.
