|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Does Fuzzing really work?
From: Ian Melven (ian.melven
gmail.com)
Date: Wed Sep 27 2006 - 10:45:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
There's a lot of links to fuzzing papers, tools, and articles here.
http://www.threatmind.net/secwiki/FuzzingTools
There's an interesting talk scheduled for Ruincon at the end of
October on this I'm looking forward to also.
Ian
On 9/27/06, Charlie Miller <cmillersecurityevaluators.com> wrote:
> ergosum wrote:
> > Hi all,
> > I'm with Halvar here, it's not only a permutation of commands, but more
> > things are to be evaluated, possible combination of commands, that includes 2
> > by 2, 3 by 3, etc. Not only that, but possible payloads and timings to try to
> > uncover race conditions, etc. Much more than 12! as Halvar points out.
> >
> > Can someone send some interesting papers on fuzzing strategies? (Apart from
> > the ones from Dave which all of us know :) ). I would like to link this with
> > the thread about "Unknown Application Protocol Analysis", is there any
> > prototype that uses both concepts? Automatic protocol discovery an
> > subsequently fuzzing of it?
> >
> > Cheers
> >
>
> Try GPF:
>
> http://www.appliedsec.com/developers.html
>
> Charlie
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]