Windows 10 x86/wow64 Userland heap
Corelan Team (corelanc0d3r) 2016-7-5 21:59 转存
Introduction Hi all, Over the course of the past few weeks ago, I received a number of "emergency" calls from some relatives, asking me to look at their computer because "things were broken", "things looked different" and "I think my computer got hacked".  I quickly realized that their computers got upgraded to Windows 10. We […]

原文阅读

EncFSGui – GUI Wrapper around encfs for OSX
Corelan Team (corelanc0d3r) 2016-1-31 21:8 转存
Introduction 3 weeks ago, I posted a rant about my frustration/concern related with crypto tools, more specifically the lack of tools to implement crypto-based protection for files on OSX, in a point-&-click user-friendly way.  I listed my personal functional and technical criteria for such tools and came to the conclusion that the industry seem to […]

原文阅读

Crypto in the box, stone age edition
Corelan Team (corelanc0d3r) 2016-1-6 11:55 转存
Introduction First of all, Happy New Year to everyone! I hope 2016 will be a fantastic and healthy year, filled with fun, joy, energy, and lots of pleasant surprises. I remember when all of my data would fit on a single floppy disk. 10 times. The first laptops looked like (and felt like) mainframes on […]

原文阅读

How to become a pentester
Corelan Team (corelanc0d3r) 2015-10-13 12:30 转存
Intro I receive a lot of emails.  (Please don’t make it worse, thanks!)   Unfortunately I don’t have as much spare time as I used to, or would like to, so I often have no other choice than to redirect questions to our forums or our IRC channel (#corelan on freenode), hoping that other members […]

原文阅读

Analyzing heap objects with mona.py
Corelan Team (corelanc0d3r) 2014-8-16 15:9 转存
Introduction Hi all, While preparing for my Advanced exploit dev course at Derbycon, I’ve been playing with heap allocation primitives in IE.  One of the things that causes some frustration (or, at least, tends to slow me down during the research) is the ability to quickly identify objects that may be useful. After all, I’m […]

原文阅读

CSO : Common Sense Operator/Operations
Corelan Team (corelanc0d3r) 2014-6-3 8:5 转存
As the CSO/CISO/person responsible for Information Security, your job is to…  well … do you even know?  Does upper management know?  "Our crappy CSO …" and "Our stupid CSO …" are statements commonly used by various (techie) people, throwing their hands up in despair, attempting to prove that their CSO doesn’t understand technology and has […]

原文阅读

HITB2014AMS – Day 2 – On Her Majesty’s Secret Service: GRX & A Spy Agency
Corelan Team (corelanc0d3r) 2014-5-30 13:13 转存
Last year, Belgacom got hacked by an intelligence service (GCHQ?), Rob says. “What is so interesting about this hack, why did they hack into Belgacom, what would or could be the purpose of a similar hack?”  Before answering those questions, we need to take a quick look on how mobile networks work and how mobile […]

原文阅读

HITB2014AMS – Day 2 – Exploring and Exploiting iOS Web Browsers
Corelan Team (corelanc0d3r) 2014-5-30 10:19 转存
iOS Browsers & UIWebview iOS is very popular (according to StatCounter, it’s the 3rd most popular platform used).  Mobile browsers take about 20% to 25% of the market share. iOS offers integration with desktop browsers and cloud (so the same data is available to an attacker).  Many 3rd party IOS browsers have similar weaknesses which […]

原文阅读

HITB2014AMS – Day 2 – Keynote 4: Hack It Forward
Corelan Team (corelanc0d3r) 2014-5-30 8:32 转存
Good morning Amsterdam, good morning readers, welcome to the second day of the Hack In The Box conference. The speaker for the first keynote didn’t show up,  so we’ll jump right into the next keynote. Jennifer starts her keynote by explaining that she’s fortunate to be able to travel to a lot of conferences and […]

原文阅读

HITB2014AMS – Interview with Katie Moussouris
Corelan Team (corelanc0d3r) 2014-5-29 13:29 转存
Hi all, I had the pleasure to meet with Katie Moussouris after her keynote at Hack In The Box. After the announcement that she has left Microsoft and now serves as Chief Policy Offer (CPO) at HackerOne.  I wanted to ask her 2 questions about this new step in her carreer: Peter: Why HackerOne? Katie: […]

原文阅读

本站作者

每日荐书

在不完美的世界力求正常——读《公司的坏话》

书名:《公司的坏话》

作者:李天田(脱不花妹妹)

出版社:北京大学出版社

赞助商

广告