Dailydave mailing list archives
Re: Does Fuzzing really work?
From: ergosum <ergosum () neurosecurity com>
Date: Wed, 27 Sep 2006 18:10:27 +0200
On Wednesday 27 September 2006 17:45, Ian Melven wrote:
There's a lot of links to fuzzing papers, tools, and articles here. http://www.threatmind.net/secwiki/FuzzingTools
Nice resource.
There's an interesting talk scheduled for Ruincon at the end of October on this I'm looking forward to also.
There is also a Toorcon talk about the matter: http://www.toorcon.org/2006/conference.html?id=10 Which btw is the guy from appliedsec that Charlie pointed out :)
Ian On 9/27/06, Charlie Miller <cmiller () securityevaluators com> wrote:ergosum wrote:Hi all, I'm with Halvar here, it's not only a permutation of commands, but more things are to be evaluated, possible combination of commands, that includes 2 by 2, 3 by 3, etc. Not only that, but possible payloads and timings to try to uncover race conditions, etc. Much more than 12! as Halvar points out. Can someone send some interesting papers on fuzzing strategies? (Apart from the ones from Dave which all of us know :) ). I would like to link this with the thread about "Unknown Application Protocol Analysis", is there any prototype that uses both concepts? Automatic protocol discovery an subsequently fuzzing of it? CheersTry GPF: http://www.appliedsec.com/developers.html Charlie _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
-- Alejandro Barrera GarcĂa-Orea R&D Engineer c/ Alcala 268 28027 Madrid Office: +34 91 326 66 11 Fax: +34 91 326 66 11 e-mail: abarrera () iron-gate net -- "We must be the change we wish to see in the world" Mahatma Gandhi _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Does Fuzzing really work? Aviram Jenik (Sep 25)
- Re: Does Fuzzing really work? Peter Winter-Smith (Sep 25)
- Re: Does Fuzzing really work? Aviram Jenik (Sep 25)
- Re: Does Fuzzing really work? Halvar Flake (Sep 26)
- Re: Does Fuzzing really work? ergosum (Sep 26)
- Re: Does Fuzzing really work? Charlie Miller (Sep 27)
- Re: Does Fuzzing really work? Ian Melven (Sep 27)
- Re: Does Fuzzing really work? ergosum (Sep 27)
- Re: Does Fuzzing really work? Jared DeMott (Sep 27)
- Re: Does Fuzzing really work? Martin Vuagnoux (Sep 28)
- Re: Does Fuzzing really work? Jared DeMott (Sep 28)
- Re: Does Fuzzing really work? Matt Hargett (Sep 28)
- Re: Does Fuzzing really work? Jared DeMott (Sep 29)
- Re: Does Fuzzing really work? Aviram Jenik (Sep 25)
- Re: Does Fuzzing really work? Peter Winter-Smith (Sep 25)