欢迎信息安全界的朋友!黑站、挂马的勿扰!只做基础理论研究。交流IDS、IPS、buffer overflow、内核编程 、sniffer,技术共享!
. . . . .
. . .
'BBNNNN . .
N . . .
N . . .
N. . .
N . . . N . NN
B . NN. NN
NN . . BN NN
N . . . . . ND. NN
N. . .. . NN . NN
N .. . NB NN
N B. . NN. NN
N . NN NB . NN
NNNBNNNN B . N. NN
N . .N NN
. N . N. NN
.N . . . . N . . BN ..
.. .B . . .. . . N NN . .
N NNN. B. . . N NNNNNN NNN
.. N N N N .NNNB NNN.B. BN. NBN B. B.
.B . . N NN . N N . NB NBN .N NN N N .
.NN . N NN . B .B . N N. . B N.BN.
. N N N . NN N ..B. N . N .B NN
N NN NNN N NNN N NB NNNN
. . B. BN NN . NNN NN NNNNNN. .NB N .
N N . . . . NN . N. . N
. N . . . . .B .
. D. . . . . . . N.
N . . ' . . N .
N . . . . . N .
. . . . NN .
. . N .
. . . N .
. . N. ..
. . NN .
. . . NNBNB. '
. . BNBNNNNN .
. . . . . .
. . .
PDF File Standard Fuzzer
作者:friddy 日期:2010-03-23
#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# PDF FUZZER -- TAKE IT TO THE HEAD
# :) HAVE FUN :)
use PDF::Create;
use Getopt::Std;
@overflow = ('A' x 8200, 'A' x 11000, 'A' x 110000, 'A' x 550000, 'A' x 1100000, 'A' x 2200000, 'A' x 12000000, "\0x99" x 1200, "//AAAA" x 250, "\\AAAA" x 250);
@fmtstring = ("%n%n%n%n%n", "%p%p%p%p%p", "%s%s%s%s%s", "%d%d%d%d%d", "%x%x%x%x%x",
介绍几种国外的FUZZ
作者:friddy 日期:2009-02-03
Gfuzz
Gfuzz is a web application fuzzing environment which combines fine-grained taint analysis on the server-side (using CORE Grasp) with grammar-based analysis. This allows to perform fuzzing tests and accurately detect attacks feeding the grammar analyzer with the executed SQL queries (on the server side) together with security taint marks for each query.
怎样检测IE网马?大家跟贴
作者:friddy 日期:2008-09-23
What is Fuzz Testing?
作者:friddy 日期:2008-09-12
Fuzz testing or Fuzzing is a software testing technique, often used to discover security weaknesses in applications and protocols. The basic idea is to attach the inputs of a program to a source of random or unexpected data. If the program fails (for example, by crashing, or by failing in-built code assertions), then there are defects to correct. It should be noted that the majority of security vulnerabilities, from buffer overflows to cross-site scripting attacks, are generally the result of insufficient validation of user-supplied input data. Bugs found using fuzz testing are frequently severe, exploitable bugs that could be used by a real attacker. This has become even more true as fuzz testing has become more widely known, as the same techniques and tools are now used by attackers to exploit deployed software. This is a major advantage over binary or source auditing, or even fuzzing’s close cousin, fault injection, which often rely on artificial fault conditions that are difficult or impossible to exploit.
Fuzzing Tools
The following tools and testing frameworks are used by professional penetration testers when performing a blackbox assessment of a network, server or application. If you would like to learn more about the black-box assessment methodology or to find out how to use fuzz-testing techniques for your application, please contact a Hacksafe senior consultant.
Fuzzing Tools
The following tools and testing frameworks are used by professional penetration testers when performing a blackbox assessment of a network, server or application. If you would like to learn more about the black-box assessment methodology or to find out how to use fuzz-testing techniques for your application, please contact a Hacksafe senior consultant.
