[Dailydave] Does Fuzzing really work?
Jared DeMott
demottja at msu.edu
Thu Sep 28 12:47:15 EST 2006
Martin Vuagnoux wrote:
> ergosum wrote:
>
>> On Wednesday 27 September 2006 17:45, Ian Melven wrote:
>>
>>
>>> There's a lot of links to fuzzing papers, tools, and articles here.
>>>
>>> http://www.threatmind.net/secwiki/FuzzingTools
>>>
>>>
>>>
>> Nice resource.
>>
> There is another tool and another paper at
> http://autodafe.sourceforge.net (auto-ads :-))
autodafe is some good stuff btw. :)
> The version 0.2 is
> imminent with automatic detection of format string and heap overflow
> under Linux. We are working on Windows version of the tracer based on
> PaiMei...
>
> And for Jared who loves Macromedia Flash presentation, :-) there is the
> slides too.
>
> Although Autodafe needs to know the protocol, it uses dissector from
> wireshark/ethereal to convert it automatically, lot of time saved...
> There is a old but efficient project called "Security Bug Catcher" which
> is based on the state of a program. An implementation for FTP, has been
> developed (check:
> http://lasecwww.epfl.ch/~oechslin/projects/bugcatcher/). It has been
> created under the supervision of Philippe Oechslin (yes, the rainbow
> tables).
>
>
> Regards, Martin
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20060928/8e8f42c9/attachment.htm
More information about the Dailydave
mailing list