Security Unplugged !!!

Bit of Everything! Vulnerability Research, Reverse Engineering, Malware Analysis, Exploits etc...

Praveen D
View my complete profile

Monday, March 3, 2014

Info to Exploit Writing

https://code.google.com/p/it-sec-catalog/wiki/Exploitation

Exploit writing tutorials from corelanc0d3r
https://www.corelan.be/
http://www.exploit-db.com/

Heap overflow
https://net-ninja.net/

Heap Spray
https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
http://www.fuzzysecurity.com/tutorials/expDev/8.html
https://www.greyhathacker.net/?p=549
https://community.rapid7.com/community/metasploit/blog/2013/03/04/new-heap-spray-technique-for-metasploit-browser-exploitation
https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/

Use After Free
http://www.fuzzysecurity.com/tutorials/expDev/11.html
http://www.thegreycorner.com/2010/01/heap-spray-exploit-tutorial-internet.html
http://www.blackhat.com/presentations/bh-usa-07/Afek/Whitepaper/bh-usa-07-afek-WP.pdf
Posted by Praveen D at 12:45 AM
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Labels: Exploit, rce, Security

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

NVD CVE/CCE Search Engine

Search for Vulnerabilities
Enter vendor, software, or keyword

Followers

Blog Archive

  • ►  2020 (1)
    • ►  February (1)
  • ►  2019 (3)
    • ►  September (3)
  • ►  2018 (3)
    • ►  December (1)
    • ►  January (2)
  • ►  2017 (4)
    • ►  December (1)
    • ►  October (1)
    • ►  April (2)
  • ►  2015 (26)
    • ►  September (1)
    • ►  April (3)
    • ►  March (4)
    • ►  February (11)
    • ►  January (7)
  • ▼  2014 (40)
    • ►  December (6)
    • ►  November (1)
    • ►  October (2)
    • ►  September (2)
    • ►  August (3)
    • ►  July (5)
    • ►  June (2)
    • ►  May (4)
    • ►  April (7)
    • ▼  March (5)
      • Opendaylight (ODL) Controller Debugging using OSGI...
      • OpenFlow 1.3 Protocol Packet Structure: OFPT_HELLO
      • SDN Opendaylight Controller: Add/Remove Flow Entri...
      • SDN Opendaylight Controller: Add/Remove Flow Entri...
      • Info to Exploit Writing
    • ►  January (3)
  • ►  2013 (4)
    • ►  December (4)
  • ►  2012 (22)
    • ►  November (2)
    • ►  August (4)
    • ►  July (2)
    • ►  June (5)
    • ►  May (3)
    • ►  April (2)
    • ►  February (1)
    • ►  January (3)
  • ►  2011 (4)
    • ►  September (2)
    • ►  July (1)
    • ►  May (1)
  • ►  2010 (12)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (2)
    • ►  July (2)
    • ►  June (3)
    • ►  May (2)
  • ►  2009 (8)
    • ►  October (1)
    • ►  September (1)
    • ►  August (1)
    • ►  April (1)
    • ►  March (1)
    • ►  February (2)
    • ►  January (1)
  • ►  2008 (1)
    • ►  November (1)

Unique Clicks

Total Pageviews

609,690

Security Blogs

  • AVG Analysis
  • extraexploit
  • Google Security
  • ISS FrequencyX Blog
  • MalwareThreatCenter(SRI International)
  • McAfee Labs
  • MS Malware
  • MS Security Response
  • MSDN
  • SANS Diary
  • Sophos
  • Sourcefire
  • Symantec SecurityResponse
  • The Honeynet Project
  • Trend
  • ZDNet

Browser Stuff

  • IE Blog
  • GNUCITIZEN
  • Larholm
  • Browser Fun

Exploits/WhitePapers/Videos

  • IronGeek
  • OpenRCE
  • WindowSecurity
  • SecurityTube
  • ExploitDB

Programming/ Coding

  • The Code Project
  • Microsoft Technologies
  • GoogleCode Blog
  • Java Programming @SUN
  • CodeGuru
  • Cafe au Lait Java

Networks

  • The TCP/IP Guide
  • CISSP Preparation
  • CCNA Blog
  • Juniper Blog
  • CCIE Blog

@RISK: The Consensus Security Alert

  • SANSFIRE 2011

IBM Internet Security Systems Internet Threat Information

  • Multiple Adobe Flash Player code execution vulnerabilities
  • glibc gethostbyname buffer overflow vulnerability
  • Microsoft Windows OLE Automation Array Remote Code Execution
  • Vulnerability in Microsoft OLE Could Allow Remote Code Execution
  • Microsoft Windows OLE code execution

US-CERT Cyber Security Alerts

  • AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
  • AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
  • AA21-291A: BlackMatter Ransomware
  • AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
  • AA21-265A: Conti Ransomware

National Vulnerability Database

  • CVE-2023-36409
  • CVE-2023-36769
  • CVE-2023-45556
  • CVE-2023-47004
  • CVE-2023-4810

Learn Malware Analysis

  • IDA Pro, Decompilation, Binary Analysis
  • Binary Auditing

Technology News

  • http://www.heavyreading.com/
  • http://www.h-online.com/
  • http://www.extremetech.com/
  • Dark Reading

Dark Reading - All Stories

  • 87% of Container Images in Production Have Critical or High-Severity Vulnerabilities - 2/24/2023 - Jeffrey Schwartz, Contributing Writer, Dark Reading
  • Student Medical Records Exposed After LAUSD Breach - 2/23/2023 - Dark Reading Staff, Dark Reading
  • Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery - 2/23/2023 - Jai Vijayan, Contributing Writer, Dark Reading
  • AUVSI Launches Green UAS Cybersecurity Certification Program For Commercial Drones - 2/23/2023 - 
  • Forsage Founders Indicted in $340M DeFi Crypto Scheme - 2/23/2023 - 

SANS Technology Institute - Security Laboratory

  • ISE/M 6100 - Security Project Practicum - Invalid Date
  • Physical Security - Invalid Date
  • Android Security Workaround - Invalid Date
  • Will the Ph.D. become the Cybersecurity Terminal Degree? - Invalid Date
  • Denial of Service - Invalid Date

Threat Level

    Ntdebugging Blog

    • Virtual Machine Managment Hangs on Windows Server 2012 R2 Hyper-V Host - 1/22/2016 - ntdebug
    • When Special Pool is not so Special - 11/4/2015 - ntdebug
    • We Are Hiring – North Carolina and Texas - 10/16/2015 - ntdebug
    • Uncover the mystery of a bugcheck 0x24 (NTFS_FILE_SYSTEM) - 4/30/2015 - ntdebug
    • We Are Hiring Windows Escalation Engineers in Munich, Germany - 1/15/2015 - ntdebug
    Praveen Darshanam. Watermark theme. Powered by Blogger.