Monalisa was created to demonstrate basic usage of the mona plugin on the Immunity Debugger for a small workshop presentation that I'll be giving for the security club at DePaul University. My overall goal is to provide a hands on session where members can experiment with different exploitation techniques using mona. Hopefully by the end of the workshop, the only smile that we'll see will be on our faces, when we get a shell.

For this demonstration, we'll be attacking a stack buffer overflow vulnerability that exists in version 2 of the Kolibri HTTP server. This specific application was chosen for simplicity and demonstration purposes only. For reference, feel free to learn more about the vulnerability assigned CVE-2002-2268.

The techniques that will be presented using the vulnerable application will include an egg hunter, and hopefully a seh-based exploit (as of this update, I have not attempted this yet). Also, just for the record, I'm not an expert in this subject. In fact, I'm always learning, and like me, hopefully you too express an interest in this area. Have fun!