Thursday, July 17th, 2008
Storm, Srizbi, and... Microsoft? Microsoft’s Office application security team actually runs its own internal botnet, which, among other things, “fuzzes” for vulnerabilities in Office applications.
Microsoft’s botnet isn’t anywhere near the size of Srizbi (over 300,000 bots at last count) nor any of the other mega-botnets -- it’s just a couple ...
Posted in Internet, Privacy, Security, Windows | No Comments
Wednesday, June 25th, 2008
VoIPER is a security toolkit that aims to allow developers and security researchers to easily, extensively and automatically test VoIP devices for security vulnerabilties. It incorporates a fuzzing suite built on the Sulley fuzzing framework, a SIP torturer tool based on RFC 4475 and a variety of auxilliary modules to ...
Posted in Internet, Networking, Privacy, Security | No Comments
Sunday, June 1st, 2008
The videos from ShmooCon 2008 have hit the shelves. Go download them at:
http://www.shmoocon.org/2008/videos/
EDIT: As of the time of this post, some of the videos are incorrectly named. Here is the 1-> 1:
Correctly Named:
21st Century Shellcode for Solaris
Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to SPIKE land
Backtrack ...
Posted in General BS, Security | No Comments
Tuesday, May 20th, 2008
You don’t have to take an ax to a piece of hardware to perform a so-called permanent denial-of-service (PDOS) attack. A researcher this week will demonstrate a PDOS attack that can take place remotely.
A PDOS attack damages a system so badly that it requires replacement or reinstallation of hardware. Unlike ...
Posted in Coding, Hardware, Internet, Networking, Privacy, Security | No Comments
Tuesday, May 6th, 2008
Tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing.
The tool is somewhat related to delta, which is a more featured general purpose optimizer but is meant specifically for dealing with unknown or complex data formats (without the need ...
Posted in Coding, Privacy, Security | No Comments
Monday, April 14th, 2008
As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too.
Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are ...
Posted in Internet, Privacy, Security | No Comments
Monday, April 14th, 2008
ActiveX controls made up most of all browser plug-in vulnerabilities in the second half of 2007, according to Symantec.
The company has just released its semi-annual web security report and in it said that Microsoft's technology, primarily used to create add-ins for Internet Explorer, accounted for 79 percent of the 239 ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Wednesday, April 9th, 2008
A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.
Wfuzz is a tool designed for bruteforcing Web Applications, ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
