|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: tools for searching potential BO in binary code
From: Aviram Jenik (aviram
beyondsecurity.com)
Date: Sun Jun 19 2005 - 05:45:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Jason,
I'm not sure if that's what you meant, but we have a tool called beSTORM that
finds buffer overflows in closed products (without requiring the source code)
by testing all possible protocol combinations.
beSTORM is responsible for most of the advisories we've released in the last
couple of years (http://www.securiteam.com/advisories/) but it has not yet
been launched 'officially'.
Contact me off list if you would like more info.
Best Regards,
Aviram Jenik
Beyond Security
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
The First Integrated Network and Web Application Vulnerability Scanner:
http://www.beyondsecurity.com/webscan-wp.pdf
On Wednesday 15 June 2005 21:19, Syversen, Jason M (US SSA) wrote:
> As mentioned below Bugscan was sold to LogicLibrary and is not called
> LogicScan. They are not selling Icebox as a product but they are selling
> Inspector, which is kind of an integrator for Ollydbg and IDA Pro with
> some plugins. Like Bugscan, really not cheap though. Halvar Flake will
> have something coming out in the September timeframe, see Sabre
> Security's web site for more information. Many people have home-grown
> utilities to do this work but don't productize/release it because that's
> where they get their 0-days from...
>
> Anyone else know of binary analysis tools that are out there, open
> source or commercial?
>
> - Jason
>
> -----Original Message-----
> From: Kyle Quest [mailto:Kyle.Questnetworkengines.com]
> Sent: Monday, June 13, 2005 12:15 PM
> To: vuln-devsecurityfocus.com
> Subject: RE: tools for searching potential BO in binary code
>
>
> It all depends on how much money you are
> willing to pay. There was something called Bugscan
> and it was definitely not cheap from what i understand.
> The program was originally developed
> by the company called HBGary (the name
> Greg Hoglund should ring the bell :-] ).
> It seems like it was spun off into a separate
> company. At some point Bugscan was acquired
> by LogicLibrary. I dont know what happened
> to it after that, but if you look at the HBGary
> website now, they seem to have some new product
> that might be useful (check out something called Icebox).
>
> Kyle
>
> -----Original Message-----
> From: Nix Yog [mailto:yognixgmail.com]
> Sent: Wednesday, June 01, 2005 2:22 AM
> To: vuln-devsecurityfocus.com
> Subject: tools for searching potential BO in binary code
>
>
> hi all,
> something like bugscam, but more functional?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]