Security Unplugged !!!

Bit of Everything! Vulnerability Research, Reverse Engineering, Malware Analysis, Exploits etc...

Praveen D

View my complete profile

Monday, March 3, 2014

Info to Exploit Writing

https://code.google.com/p/it-sec-catalog/wiki/Exploitation

Exploit writing tutorials from corelanc0d3r
https://www.corelan.be/
http://www.exploit-db.com/

Heap overflow
https://net-ninja.net/

Heap Spray
https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
http://www.fuzzysecurity.com/tutorials/expDev/8.html
https://www.greyhathacker.net/?p=549
https://community.rapid7.com/community/metasploit/blog/2013/03/04/new-heap-spray-technique-for-metasploit-browser-exploitation
https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/

Use After Free
http://www.fuzzysecurity.com/tutorials/expDev/11.html
http://www.thegreycorner.com/2010/01/heap-spray-exploit-tutorial-internet.html
http://www.blackhat.com/presentations/bh-usa-07/Afek/Whitepaper/bh-usa-07-afek-WP.pdf

Posted by Praveen D at 12:45 AM

Email This BlogThis!Share to X Share to Facebook Share to Pinterest

Labels: Exploit, rce, Security

No comments:

Post a Comment

Newer Post Older Post Home

Subscribe to: Post Comments (Atom)

NVD CVE/CCE Search Engine

Search for Vulnerabilities
Enter vendor, software, or keyword

Followers

Blog Archive

► 2020 (1)
- ► February (1)

► 2019 (3)
- ► September (3)

► 2018 (3)
- ► December (1)
- ► January (2)

► 2017 (4)
- ► December (1)
- ► October (1)
- ► April (2)

► 2015 (26)
- ► September (1)
- ► April (3)
- ► March (4)
- ► February (11)
- ► January (7)

▼ 2014 (40)
- ► December (6)
- ► November (1)
- ► October (2)
- ► September (2)
- ► August (3)
- ► July (5)
- ► June (2)
- ► May (4)
- ► April (7)
- ▼ March (5)
- ► January (3)

► 2013 (4)
- ► December (4)

► 2012 (22)
- ► November (2)
- ► August (4)
- ► July (2)
- ► June (5)
- ► May (3)
- ► April (2)
- ► February (1)
- ► January (3)

► 2011 (4)
- ► September (2)
- ► July (1)
- ► May (1)

► 2010 (12)
- ► November (1)
- ► October (1)
- ► September (1)
- ► August (2)
- ► July (2)
- ► June (3)
- ► May (2)

► 2009 (8)
- ► October (1)
- ► September (1)
- ► August (1)
- ► April (1)
- ► March (1)
- ► February (2)
- ► January (1)

► 2008 (1)
- ► November (1)

Unique Clicks

counter on blogger

Total Pageviews

609,690

Security Blogs

AVG Analysis
extraexploit
Google Security
ISS FrequencyX Blog
MalwareThreatCenter(SRI International)
McAfee Labs
MS Malware
MS Security Response
MSDN
SANS Diary
Sophos
Sourcefire
Symantec SecurityResponse
The Honeynet Project
Trend
ZDNet

Browser Stuff

IE Blog
GNUCITIZEN
Larholm
Browser Fun

Exploits/WhitePapers/Videos

IronGeek
OpenRCE
WindowSecurity
SecurityTube
ExploitDB

Programming/ Coding

The Code Project
Microsoft Technologies
GoogleCode Blog
Java Programming @SUN
CodeGuru
Cafe au Lait Java

Networks

The TCP/IP Guide
CISSP Preparation
CCNA Blog
Juniper Blog
CCIE Blog

@RISK: The Consensus Security Alert

SANSFIRE 2011

IBM Internet Security Systems Internet Threat Information

Multiple Adobe Flash Player code execution vulnerabilities
glibc gethostbyname buffer overflow vulnerability
Microsoft Windows OLE Automation Array Remote Code Execution
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
Microsoft Windows OLE code execution

US-CERT Cyber Security Alerts

AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
AA21-291A: BlackMatter Ransomware
AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
AA21-265A: Conti Ransomware

National Vulnerability Database

CVE-2023-36409
CVE-2023-36769
CVE-2023-45556
CVE-2023-47004
CVE-2023-4810

Learn Malware Analysis

IDA Pro, Decompilation, Binary Analysis
Binary Auditing

Technology News

http://www.heavyreading.com/
http://www.h-online.com/
http://www.extremetech.com/
Dark Reading

Dark Reading - All Stories

87% of Container Images in Production Have Critical or High-Severity Vulnerabilities - 2/24/2023 - Jeffrey Schwartz, Contributing Writer, Dark Reading
Student Medical Records Exposed After LAUSD Breach - 2/23/2023 - Dark Reading Staff, Dark Reading
Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery - 2/23/2023 - Jai Vijayan, Contributing Writer, Dark Reading
AUVSI Launches Green UAS Cybersecurity Certification Program For Commercial Drones - 2/23/2023 -
Forsage Founders Indicted in $340M DeFi Crypto Scheme - 2/23/2023 -

SANS Technology Institute - Security Laboratory

ISE/M 6100 - Security Project Practicum - Invalid Date
Physical Security - Invalid Date
Android Security Workaround - Invalid Date
Will the Ph.D. become the Cybersecurity Terminal Degree? - Invalid Date
Denial of Service - Invalid Date

Threat Level

Ntdebugging Blog

Virtual Machine Managment Hangs on Windows Server 2012 R2 Hyper-V Host - 1/22/2016 - ntdebug
When Special Pool is not so Special - 11/4/2015 - ntdebug
We Are Hiring – North Carolina and Texas - 10/16/2015 - ntdebug
Uncover the mystery of a bugcheck 0x24 (NTFS_FILE_SYSTEM) - 4/30/2015 - ntdebug
We Are Hiring Windows Escalation Engineers in Munich, Germany - 1/15/2015 - ntdebug

Praveen Darshanam. Watermark theme. Powered by Blogger.