|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Does Fuzzing really work?
From: Martin Vuagnoux (dailydave
vuagnoux.com)
Date: Thu Sep 28 2006 - 06:48:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ergosum wrote:
> On Wednesday 27 September 2006 17:45, Ian Melven wrote:
>
>> There's a lot of links to fuzzing papers, tools, and articles here.
>>
>> http://www.threatmind.net/secwiki/FuzzingTools
>>
>>
>
> Nice resource.
There is another tool and another paper at
http://autodafe.sourceforge.net (auto-ads :-)) The version 0.2 is
imminent with automatic detection of format string and heap overflow
under Linux. We are working on Windows version of the tracer based on
PaiMei...
And for Jared who loves Macromedia Flash presentation, :-) there is the
slides too.
Although Autodafe needs to know the protocol, it uses dissector from
wireshark/ethereal to convert it automatically, lot of time saved...
There is a old but efficient project called "Security Bug Catcher" which
is based on the state of a program. An implementation for FTP, has been
developed (check:
http://lasecwww.epfl.ch/~oechslin/projects/bugcatcher/). It has been
created under the supervision of Philippe Oechslin (yes, the rainbow
tables).
Regards, Martin
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]