Fuzzing anything that moves

<meta content="OpenOffice.org 3.0 (Linux)" name="GENERATOR" /><br /> <style type="text/css"> <!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } A:link { so-language: zxx } --></style> <p style="margin-bottom: 0in">I’m in New Delhi, for the local <a href="(http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009">OWASP Conference</a>. There’s a <a href="http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Conference">really nice lineup</a> and if you’re in the New Delhi area I highly recommend attending.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">I’ll be speaking twice. On Tuesday about blackbox testing. The abstract can be paraphrased from the immortal words of the great fuzzing master Ice-T:</p> <blockquote> <p style="margin-bottom: 0in">If you’re from Mars, and you have inputs, we will fuzz you.</p> </blockquote> <p style="margin-bottom: 0in">(Look up the <a href="http://www.rhapsody.com/body-count/body-count/kkk-bitch/lyrics.html">original text</a>, I guarantee it’s worth it)</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">On Wednesday I’ll be talking a bit about breaking JSON applications, relying on the great research done by Amit Klein, Blueinfy, Jeremiah Grossman, Fortify, and many others.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">If you spot any errors in either of my presentations let me know and I will buy you a beer. This offer does not include anything stupid I say while on a discussion panel…</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in"> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1332"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_1"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div> <script type="text/javascript"><!-- wpa2a.script_load(); //--></script> </div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1332" dc:identifier="http://blogs.securiteam.com/index.php/archives/1332" dc:title="Fuzzing anything that moves" trackback:ping="http://blogs.securiteam.com/index.php/archives/1332/trackback" /> </rdf:RDF> --> <div class="comments-template"> <div id="disqus_thread"> </div> <script type="text/javascript"> /* <![CDATA[ */ var disqus_url = 'http://blogs.securiteam.com/index.php/archives/1332'; var disqus_identifier = '1332 http://blogs.securiteam.com/index.php/archives/1332'; var disqus_container_id = 'disqus_thread'; var disqus_domain = 'disqus.com'; var disqus_shortname = 'securiteamblogs'; var disqus_title = "Fuzzing anything that moves"; var disqus_config = function () { var config = this; // Access to the config object config.language = ''; /* All currently supported events: * preData — fires just before we request for initial data * preInit - fires after we get initial data but before we load any dependencies * onInit - fires when all dependencies are resolved but before dtpl template is rendered * afterRender - fires when template is rendered but before we show it * onReady - everything is done */ config.callbacks.preData.push(function() { // clear out the container (its filled for SEO/legacy purposes) document.getElementById(disqus_container_id).innerHTML = ''; }); config.callbacks.onReady.push(function() { // sync comments in the background so we don't block the page var script = document.createElement('script'); script.async = true; script.src = '?cf_action=sync_comments&post_id=1332'; var firstScript = document.getElementsByTagName( "script" )[0]; firstScript.parentNode.insertBefore(script, firstScript); }); }; /* ]]> */ </script> <script type="text/javascript"> /* <![CDATA[ */ var DsqLocal = { 'trackbacks': [ ], 'trackback_url': "http:\/\/blogs.securiteam.com\/index.php\/archives\/1332\/trackback" }; /* ]]> */ </script> <script type="text/javascript"> /* <![CDATA[ */ (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.' + 'disqus.com' + '/embed.js?pname=wordpress&pver=2.74'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })(); /* ]]> */ </script> </div> </div> </div> <div class="browse prev"> <div class="prev"> <a href="http://blogs.securiteam.com/index.php/archives/1331" rel="prev">Is this the laziest 419 of all time?</a> </div> <div class="next"> <a href="http://blogs.securiteam.com/index.php/archives/1333" rel="next">Heathrow calling</a> </div> </div> <div class="clear"></div> </div> <div class="sidebar sidebar2"> <ul> <li id="a2a_share_save_widget-3" class="widget widget_a2a_share_save_widget"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_2"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></li> <li id="text-6" class="widget widget_text"> <div class="textwidget"><BR/><BR/><BR/><BR/><BR/><BR/><BR/></div> </li> <li id="categories-3" class="widget widget_categories"><h2 class="widgettitle">Categories</h2> <select name='cat' id='cat' class='postform' > <option value='-1'>Select Category</option> <option class="level-0" value="11">Apple  (57)</option> <option class="level-0" value="18">Ask the Expert  (46)</option> <option class="level-0" value="41">Book Reviews  (45)</option> <option class="level-0" value="27">Botnets  (72)</option> <option class="level-0" value="12">Cisco  (25)</option> <option class="level-0" value="5">Commentary  (1345)</option> <option class="level-0" value="21">Corporate Security  (397)</option> <option class="level-0" value="10">Culture  (404)</option> <option class="level-0" value="26">DDoS  (40)</option> <option class="level-0" value="17">Digest  (41)</option> <option class="level-0" value="33">Earl  (11)</option> <option class="level-0" value="23">Encryption  (44)</option> <option class="level-0" value="7">Full Disclosure  (216)</option> <option class="level-0" value="25">Funnies  (71)</option> <option class="level-0" value="20">Funny  (96)</option> <option class="level-0" value="30">Fuzzing  (35)</option> <option class="level-0" value="2">Gadgets  (88)</option> <option class="level-0" value="19">Google  (53)</option> <option class="level-0" value="34">Hacked  (13)</option> <option class="level-0" value="31">InSecurity  (17)</option> <option class="level-0" value="22">Insider Threat  (53)</option> <option class="level-0" value="24">Interviews  (10)</option> <option class="level-0" value="9">Law  (86)</option> <option class="level-0" value="4">Linux  (41)</option> <option class="level-0" value="40">malware  (69)</option> <option class="level-0" value="32">Memory Leak  (24)</option> <option class="level-0" value="3">Microsoft  (234)</option> <option class="level-0" value="28">Networking  (119)</option> <option class="level-0" value="38">OPSEC  (121)</option> <option class="level-0" value="14">OT  (213)</option> <option class="level-0" value="16">Phishing  (109)</option> <option class="level-0" value="15">Physical Security  (89)</option> <option class="level-0" value="6">Privacy  (145)</option> <option class="level-0" value="29">Rootkits  (32)</option> <option class="level-0" value="39">Sec Tools  (90)</option> <option class="level-0" value="42">Social Engineering  (69)</option> <option class="level-0" value="8">Spam  (163)</option> <option class="level-0" value="35">The NULL Terminated  (5)</option> <option class="level-0" value="44">Tips & Tricks  (49)</option> <option class="level-0" value="13">Virus  (249)</option> <option class="level-0" value="1">Web  (453)</option> <option class="level-0" value="36">Zoned Out  (4)</option> </select> <script type='text/javascript'> /* <![CDATA[ */ var dropdown = document.getElementById("cat"); function onCatChange() { if ( dropdown.options[dropdown.selectedIndex].value > 0 ) { location.href = "http://blogs.securiteam.com/?cat="+dropdown.options[dropdown.selectedIndex].value; } } dropdown.onchange = onCatChange; /* ]]> */ </script> </li> <li id="text-7" class="widget widget_text"> <div class="textwidget"><BR/> <!-- Place this tag where you want the +1 button to render --> <g:plusone></g:plusone> <!-- Place this render call where appropriate --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script></div> </li> </ul> </div> <div class="sidebar"> <a style="font-size: 150%;" href="/index.php/feed/"><img src="http://blogs.securiteam.com/wp-content/themes/securiteam.new/images/rss-icon-48x48.gif" width="24" ALT="Security RSS"> Subscribe</a> <br><br> <ul> <li id="text-4" class="widget widget_text"> <div class="textwidget"><div class="fb-like" data-href="http://blogs.securiteam.com" data-send="true" data-width="400" data-show-faces="true"></div></div> </li> <li id="text-3" class="widget widget_text"> <div class="textwidget"><div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script></div> </li> <li id="rss-3" class="widget widget_rss"><h2 class="widgettitle"><a class='rsswidget' href='http://www.securiteam.com/securiteam.rss' title='Syndicate this content'><img style='border:0' width='14' height='14' src='http://blogs.securiteam.com/wp-includes/images/rss.png' alt='RSS' /></a> <a class='rsswidget' href='http://www.securiteam.com/' title='Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.'>More Securiteam</a></h2> <ul><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5CP362AE0A.html' title='Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file. […]'>Autodesk SketchBook Pro PSD And PXD File Processing Two Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5DP372AE0A.html' title='Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vector […]'>Adobe Flash Player 14.0.0.125 And AIR Cross Site Scripting Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5DP372AE0A.html' title='Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vector […]'>Adobe Flash Player 14.0.0.125 And AIR Cross Site Scripting Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5BP311FE0K.html' title='The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field. […]'>Drupal 7.29 Multiple Remote Security Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5DP331FE0M.html' title='The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. […]'>Linux Kernel PPP Over L2TP Implementation Privilege Escalation Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5EP341FE0A.html' title='jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. […]'>Red Hat JBoss Products Remote Arbitrary Code Execution Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5AP301FE0W.html' title='Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization. […]'>Mozilla Firefox Event Spoofing Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5NP2X1FE0U.html' title='Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. […]'>Mozilla Firefox 31.0/Thunderbird 24.7 Remote Code Execution Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5CP321FE0Y.html' title='The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. […]'>Google Chrome For Android Prior Multiple Security Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5OP2Y1FE0W.html' title='Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter […]'>Cisco Unified Customer Voice Portal Multiple Cross Site Scripting Vulnerabilities</a></li></ul></li> <li id="recent-posts-3" class="widget widget_recent_entries"> <h2 class="widgettitle">New</h2> <ul> <li> <a href="http://blogs.securiteam.com/index.php/archives/2418" title="Windows 2012 R2 Certification Authority installation guide">Windows 2012 R2 Certification Authority installation guide</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2415" title="Best Email Retention Policy Practices">Best Email Retention Policy Practices</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2407" title="AV is dead … again …">AV is dead … again …</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2400" title="Settle for nothing now … Settle for nothing later!">Settle for nothing now … Settle for nothing later!</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2393" title="Big Government vs Big Corp – which is worse?">Big Government vs Big Corp – which is worse?</a> </li> </ul> </li> <li id="recent-comments-3" class="widget widget_recent_comments"><h2 class="widgettitle">Comments</h2> <ul id="recentcomments"><li class="recentcomments">Hellen Pedro on <a href="http://blogs.securiteam.com/index.php/archives/1468#comment-894970">Non-Functional Email (or Blog) System Disclaimer</a></li><li class="recentcomments">Hellen Pedro on <a href="http://blogs.securiteam.com/index.php/archives/1468#comment-894965">Non-Functional Email (or Blog) System Disclaimer</a></li><li class="recentcomments">hsbc customer on <a href="http://blogs.securiteam.com/index.php/archives/1701#comment-894444">Howto: Phish HSBC credit card numbers</a></li><li class="recentcomments">Duqyaha Sultanovich on <a href="http://blogs.securiteam.com/index.php/archives/2365#comment-865918">CyberSec Tips – “Computer Maintenance Department”</a></li><li class="recentcomments">intrest on <a href="http://blogs.securiteam.com/index.php/archives/2352#comment-865660">BananaGlee</a></li></ul></li> <li id="text-5" class="widget widget_text"><h2 class="widgettitle">Admin</h2> <div class="textwidget"><a href="http://blogs.securiteam.com/wp-admin/">Login</a></div> </li> </ul> </div> <div class="clear"></div> <div id="footer"> <p><a href="http://blogs.securiteam.com" title="SecuriTeam Blogs home page">SecuriTeam Blogs</a> is powered by Word Press.</p> </div> </div><!-- end page --> </div> <script type="text/javascript"><!-- wpa2a.targets=[ {title:'Fuzzing anything that moves',url:'http://blogs.securiteam.com/index.php/archives/1332'}, {title:document.title,url:location.href}]; wpa2a.html_done=true;if(wpa2a.script_ready&&!wpa2a.done)wpa2a.init();wpa2a.script_load(); //--></script> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-29522810-1']); _gaq.push(['_setDomainName', 'securiteam.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> </body> </html>