Fuzzing anything that moves

<p style="margin-bottom: 0in">I’m in New Delhi, for the local <a href="http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009">OWASP Conference</a>. There’s a <a href="http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Conference">really nice lineup</a> and if you’re in the New Delhi area I highly recommend attending.</p>
<p style="margin-bottom: 0in">I’ll be speaking twice. On Tuesday about blackbox testing. The abstract can be paraphrased from the immortal words of the great fuzzing master Ice-T:</p>
<blockquote> <p style="margin-bottom: 0in">If you’re from Mars, and you have inputs, we will fuzz you.</p> </blockquote>
<p style="margin-bottom: 0in">(Look up the <a href="http://www.rhapsody.com/body-count/body-count/kkk-bitch/lyrics.html">original text</a>, I guarantee it’s worth it)</p>
<p style="margin-bottom: 0in">On Wednesday I’ll be talking a bit about breaking JSON applications, relying on the great research done by Amit Klein, Blueinfy, Jeremiah Grossman, Fortify, and many others.</p>
<p style="margin-bottom: 0in">If you spot any errors in either of my presentations let me know and I will buy you a beer. This offer does not include anything stupid I say while on a discussion panel…</p>