Dailydave mailing list archives
Re: School project start: a fuzzer
From: Jared DeMott <jdemott () crucialsecurity com>
Date: Fri, 08 May 2009 10:13:26 -0400
Martin Zember wrote:
Hi community,
Hi Martin.

I have lots of ideas on fuzzing projects. For example, you could try to prove my hypothesis that it depends on the use case/target as to which type of fuzzer is best. Or you might use the simple file fuzzer from the back of our book, and compare that to one you create and see which one does better. Right now simple fuzzers still rock against soft file-based targets like QuickTime. Speaking of which, I'll be giving training and talking about such things at ShakaCon in a few weeks if you need a reason to visit Hawaii.

Other ideas: you might use an existing framework like Peach and compare results against one you create. I'm a big fan of comparisons against known tools, because it gives a reference point when trying to understand the relative success of your project. Heck, you might even resurrect EFS; it wasn't that complex!

Best wishes,
Jared
could you please give me some advice about a school project? It is an obligatory team project. We plan to create a fuzzer. I hope it makes sense to build another fuzzer, since different fuzzers find different bugs, right..? ;-)

We have a lot of time (9 months, 5 people, 1 day per week), but not more, so it is not a good ground for research. The project should be implemented, documented, finished, presented.

The question is, how deep can we go (what to promise in the specification)? My guess is that detecting success during fuzzing only when the application crashes is too lame. "Feedback fuzzing" is maybe too complicated. What is realistic?

Even though it would be nice, we did not find a paid project which is interesting enough. We are not obliged to do a fuzzer, so other suggestions or warnings are welcome.

Martin
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
--
__________________________________________
Jared D. DeMott
Senior Security Researcher
Crucial Security Business Area
Harris Corporation
http://crucialsecurity.com
Phone 616.874.7810
Mobile 571.283.4163