|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Does Fuzzing really work?
From: ergosum (ergosum
neurosecurity.com)
Date: Wed Sep 27 2006 - 11:10:27 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wednesday 27 September 2006 17:45, Ian Melven wrote:
> There's a lot of links to fuzzing papers, tools, and articles here.
>
> http://www.threatmind.net/secwiki/FuzzingTools
>
Nice resource.
> There's an interesting talk scheduled for Ruincon at the end of
> October on this I'm looking forward to also.
>
There is also a Toorcon talk about the matter:
http://www.toorcon.org/2006/conference.html?id=10
Which btw is the guy from appliedsec that Charlie pointed out :)
> Ian
>
> On 9/27/06, Charlie Miller <cmillersecurityevaluators.com> wrote:
> > ergosum wrote:
> > > Hi all,
> > > I'm with Halvar here, it's not only a permutation of commands,
> > > but more things are to be evaluated, possible combination of commands,
> > > that includes 2 by 2, 3 by 3, etc. Not only that, but possible payloads
> > > and timings to try to uncover race conditions, etc. Much more than 12!
> > > as Halvar points out.
> > >
> > > Can someone send some interesting papers on fuzzing strategies?
> > > (Apart from the ones from Dave which all of us know :) ). I would like
> > > to link this with the thread about "Unknown Application Protocol
> > > Analysis", is there any prototype that uses both concepts? Automatic
> > > protocol discovery an subsequently fuzzing of it?
> > >
> > > Cheers
> >
> > Try GPF:
> >
> > http://www.appliedsec.com/developers.html
> >
> > Charlie
> > _______________________________________________
> > Dailydave mailing list
> > Dailydavelists.immunitysec.com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
--
Alejandro Barrera García-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrerairon-gate.net
--
"We must be the change we wish to see in the world"
Mahatma Gandhi
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]