Re: [Dailydave] Does Fuzzing really work?

From: Charlie Miller (cmillersecurityevaluators.com)
Date: Wed Sep 27 2006 - 07:58:22 CDT


ergosum wrote:
> Hi all,
> I'm with Halvar here, it's not only a permutation of commands, but more
> things are to be evaluated, possible combination of commands, that includes 2
> by 2, 3 by 3, etc. Not only that, but possible payloads and timings to try to
> uncover race conditions, etc. Much more than 12! as Halvar points out.
>
> Can someone send some interesting papers on fuzzing strategies? (Apart from
> the ones from Dave which all of us know :) ). I would like to link this with
> the thread about "Unknown Application Protocol Analysis", is there any
> prototype that uses both concepts? Automatic protocol discovery and
> subsequently fuzzing of it?
>
> Cheers
>

Try GPF:

http://www.appliedsec.com/developers.html

Charlie
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave