Fuzzing

Backtrack – The Future, The Funding, The Roadmap

Great news, Backtrack now has funding to move ahead with scheduled releases, and a roadmap moving forward up to Backtrack 5. You can view the roadmap here. It seems that the worlds leader in penetration testing training, namely Offensive Security is going to be funding the BackTrack Linux distribution’s development going forward. No need to worry though, BackTrack is still going to remain an Open Source distro.

Other news on this front is that the Exploit Database now has new EDB Research and Development teams that are actively working on vulnerability discovery and development, so watch this space for more news and good things to come. It’s also very worthwhile checking out the Exploit Database Blog.

Hack In The Box Security Conference Comes to Europe

The first ever HITB Security conference will be help in Amsterdam on the 1st and 2nd July, so apologies for only posting this now, but there’s still time to register.

The full conference agenda can be found here.

Some of the talks listed are:

– Breaking Virtualization by Switching to Virtual 8086 Mode

– Attacking SAP Users Using sapsploit

– Fireshark – A tool to Link the Malicious Web

– Having Fun with Apple’s IOKit

So all in all, it looks like it’s going to be an interesting couple of days.

Leave a comment if you’re going, it’d be good to hook up.

Interview with Charlie Miller

For those of you who don’t know who Charlie Miller is (really, you don’t? Maybe it’s time to get out from under the pile of paperwork for a change then.) He’s the guy who’s managed to pwn 3 Apple products at Pwn2Pwn over the last three consecutive years. I got to thinking recently, and the last person that I interviewed for the SecuriTeam Blogs was Fyodor, and that feels like a lifetime ago! So I dropped Charlie a line to see if he’d be up for it, and thankfully he was.

xyberpix: How and what got you get started in vulnerability discovery?

0xcharlie: It was back at the NSA so I can’t really talk about it.  But I really like the concept of vulnerability analysis.  Its slightly adversarial in nature.  Smart people write software and I have to try to find mistakes that they’ve made.

Also,it appeals to me in the same way that collecting baseball cards does to people.  I like having a bunch of bugs that only I know about.  There is something intellectually satisfying about that.

xyberpix: What made you pick OS X as what seems to be your primary target?

0xcharlie: I had never owned, or really even used, a Mac until I started at ISE 4 years ago. ISE got me a Mac as my primary computer since that is the standard company issue. We also had some clients that were interested in Macs and OS X so I was forced to learn a bit about how they worked.  So I was in a position to play with a Mac, which I actually learned to like once I got used to it.  I quickly found it was rather easy to find bugs in it and I like to go after the easy targets.  Another thing is I take joy in ruining the day of the fanboys.  One interesting point is that exploitation is very OS (and even application) dependent, but vulnerability analysis is basically OS independent.

xyberpix: What tools do you typically use to find bugs on OS X?

0xcharlie: Mostly home brewed fuzzers.  But I also do source code analysis when available and occasionally reverse engineering.

xyberpix: What does your testing setup consist of for vulnerability research?

0xcharlie: I have a Win XP box with IDA Pro on it.  I also use this box for Windows bug hunting, so it has a bunch of debuggers (Olly, WinDbg, ImmDbg), hex editors and stuff on it.  I have an old Linux box that I mostly use for Source Navigator.  I also have a bunch of Macs, obviously.  My main computer is a 4 year old MacBook. Its got everything I need on it as well as every bug or exploit I’ve written at ISE. It also has various fuzzers I’ve written (Python), bunches of fuzzed test cases, PyDbg, PaiMei, etc.

xyberpix: You’ve mentioned on Twitter recently that you have quite a few exploits for OS X, have you considered selling these, and if not, why not?

0xcharlie: No.  My employment contract forbids it.

xyberpix: As you have a stockpile of exploits for OS X, what made you choose to use the one that you did for Pwn2Pwn over the others?

0xcharlie: It was the easiest one to exploit.  As you’ve probably noticed, I’m basically lazy which is why I like fuzzing.

xyberpix: Will you be bringing out any more books in the near future?

0xcharlie: No plans at the moment.  Its a huge endeavor to take on.  At one point Dino Dai Zovi, Ralf-Phillip Weinmann (one of the iPhone Pwn2Own guys) and I were signed on to write an iPhone security book, which would have been pretty awesome, but it never materialized.

xyberpix: How’s it feel to have won Pwn2Pwn 3 years in a row now, and will you be going for 4?

0xcharlie: It felt a little anti-climatic actually.  It was way more fun the first year when it was a bit more of a surprise.  For the last month or two I’ve been saying I’m retiring after this Pwn2Own.  Its a lot of stress and the rules are always changing so its tough.  Also, Snow Leopard exploits are much harder to write than Leopard exploits, to the point it isn’t much fun.  But maybe I’ll reconsider next year. Call me the Brett Favre of hacking.

xyberpix: Have you thought of offering a training course to developers to teach them how to find bugs, if so would this be internationally available?

0xcharlie: Yes, I’ve thought about it.  Again, this would be a big time investment to develop the course which I’m too busy to undertake at the moment.  Of course, I work for a consulting company so if enough people throw money at them, they’ll make me do it!

xyberpix: How would you advise someone starting from scratch on how to identify vulnerabilities and write exploits for them?

0xcharlie: I get this question a lot and I don’t have a great answer for it.  I went to the NSA for 5 years but not many people have that option.  Make sure you understand C/C++, then assembly, then reverse engineering for starters.  For bug finding, find out about all the bugs that are being discussed and what they look like so you know what to look for.  Then start fuzzing and trying to triage all the crashes.  For writing exploits, find some good exploits and see how they work.  Then start trying to write some for known vulnerabilities or ones you’ve found.  If you’ve got the cash, take
Dino and Alex’s training course.  My main advice is to get your hands dirty and just jump in and do it.

xyberpix: On a scale of 1-10 how would you compare the skill level required to identify and exploit security vulnerabilities in the following Operating Systems Windows, OS X, Linux?

0xcharlie: This is one of the reasons its hard to get into this field these days.  10 years ago it took a skill level of 2, 5 years ago a skill level of 6 and now a skill level of 8 or 9.  As for the various OS’s I’d say something like a 9 for windows and an 8 for the others.

xyberpix: You started the No More Free Bugs Movement, what was/is your reasoning behind this, and have you had much success with selling vulnerabilities/exploits to the vendors? Would you say that the vendors are reacting positively or negatively to this?

0xcharlie: The idea was that finding bugs is hard work.  Big vendors have teams of researchers and QA people who are paid lots of money to find bugs.  So, on the rare event one slips by and puts their users at risk, vendors should be falling all over themselves to get this information and get fixes available for their customers.  Instead, they expect researchers to give them the bugs, deal with them, convince them the bugs are real, provide POC’s, take legal liability, etc and all for charity.  Well, as a professional consultant, I get paid to find bugs by our customers, so I started to wonder why my customers paid me and for the same work, vendors don’t.

As for what’s come out of it, hopefully researchers have begun to ask this question too.  I’d like to think I’ve helped ZDI to get more researchers participating, although I don’t know for sure.  Vendors pretty much ignore the whole NMFB’s
movement.  They only care about their bottom line and NMFB doesn’t affect it.  The only positive thing I’ve seen is someone from Mozilla recently said they were thinking of raising their bug bounty from $500 and wanted to know what I thought was a fair amount.  That made me happy.  Besides Mozilla, I’ve never heard of anyone who sold a bug to a vendor, although Chrome offers a program.

xyberpix: What do you feel the greatest risk to Web Browsers is at the moment, and why?

0xcharlie: Probably the biggest weakness is that web browsers are a big attack surface and the attacker has a lot of control.  The attack surface includes html, JavaScript, images, plugins (Java, Flash, Silverlight, etc).  Attackers can manipulate the heap using the languages at their disposal.  These make for a powerful combination for attackers.

xyberpix: What do you feel the greatest risk on the Internet is at this point in time, and why?

0xcharlie: The biggest risk is how companies store your personal information and then lose it. I can manage my own computer (most of the time) but when sites lose my info, I’m powerless to do anything about it (or prevent it).

xyberpix: If you were to give one bit of advice to developers that they’d all listen to, what would that be?

0xcharlie: Just to think defensively.  Every time you write a line of code or a function, think about ways bad guys might try to present data to it to cause an error.  Think about all the things that could go wrong and then you can think of ways to try to prevent them from happening.

xyberpix: You and Steve Jobs are sitting have a cup of coffee, tell me how how that conversation would go?

0xcharlie: Great question!  First I’d have to tell him who I was because he’d have no idea. I’d try to tell him that eventually this security thing is going to bite him in the ass when the malware authors notice enough Macs.  I’d then patiently listen to his explanation of why I’m wrong and how its going to all play out.  He’d probably convince me.  Finally, I’d bitch that iPad doesn’t have Flash.  Lame.

Thanks again to Charlie for taking the time out to answer these questions, it really is appreciated.

Fuzzing anything that moves

<meta content="OpenOffice.org 3.0 (Linux)" name="GENERATOR" /><br /> <style type="text/css"> <!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } A:link { so-language: zxx } --></style> <p style="margin-bottom: 0in">I’m in New Delhi, for the local <a href="(http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009">OWASP Conference</a>. There’s a <a href="http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Conference">really nice lineup</a> and if you’re in the New Delhi area I highly recommend attending.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">I’ll be speaking twice. On Tuesday about blackbox testing. The abstract can be paraphrased from the immortal words of the great fuzzing master Ice-T:</p> <blockquote> <p style="margin-bottom: 0in">If you’re from Mars, and you have inputs, we will fuzz you.</p> </blockquote> <p style="margin-bottom: 0in">(Look up the <a href="http://www.rhapsody.com/body-count/body-count/kkk-bitch/lyrics.html">original text</a>, I guarantee it’s worth it)</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">On Wednesday I’ll be talking a bit about breaking JSON applications, relying on the great research done by Amit Klein, Blueinfy, Jeremiah Grossman, Fortify, and many others.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">If you spot any errors in either of my presentations let me know and I will buy you a beer. This offer does not include anything stupid I say while on a discussion panel…</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in"> </div> <ul class="meta bottom"> <li class="cat post-tags"><a href="https://blogs.securiteam.com/index.php/archives/category/culture" rel="category tag">Culture</a> <a href="https://blogs.securiteam.com/index.php/archives/category/fuzzing" rel="category tag">Fuzzing</a> <a href="https://blogs.securiteam.com/index.php/archives/category/web" rel="category tag">Web</a></li> </ul> <ul class="meta sharer"> <li class="share-on"> <a target="blank" title="Fuzzing+anything+that+moves" href="https://twitter.com/share?text=Fuzzing+anything+that+moves%20-%20&url=https://blogs.securiteam.com/index.php/archives/1332" onclick="window.open('https://twitter.com/share?text=Fuzzing+anything+that+moves%20-%20&url=https://blogs.securiteam.com/index.php/archives/1332','twitter','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class="twitter"> <i class="fa fa-twitter-square"></i><span class="i">Twitter</span> </a> </li> <li class="share-on"> <a href="http://pinterest.com/pin/create/button/?url=https://blogs.securiteam.com/index.php/archives/1332&media=&description=Fuzzing+anything+that+moves" target="_blank" class=" pinterest offblack"> <i class="fa fa-pinterest-square"></i><span class="i">Pinterest</span> </a> </li> <li class="share-on"> <a target="blank" title="Fuzzing+anything+that+moves" href="http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1332" onclick="window.open('http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1332','facebook','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class=" facebook "> <i class="fa fa-facebook-square"></i><span class="i">Facebook</span> </a> </li> <li class="share-on"> <a onclick="window.open('https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1332','gplusshare','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" href="https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1332" class=" googleplus offblack"> <i class="fa fa-google-plus-square"></i><span class="i">Google+</span> </a> </li> </ul> </div> </article> <article class="post-1307 post type-post status-publish format-standard hentry category-commentary category-full-disclosure category-fuzzing" id="post-1307"> <div class="inner"> <h2 class="post-title entry-title"> <a href="https://blogs.securiteam.com/index.php/archives/1307" title="When source code audit fails"> When source code audit fails </a> </h2> <ul class="meta top"> <li class="time"> <a href="https://blogs.securiteam.com/index.php/archives/1307" title="When source code audit fails"><time class="post-date updated" datetime="2009-07-17">July 17, 2009 </time></a> </li> <li class="comments post-tags"> <a href="https://blogs.securiteam.com/index.php/archives/1307#comments">1 Comment</a> </li> <li class="author-m post-tags"> By <span class="vcard author post-author"><span class="fn"><a href="https://blogs.securiteam.com/index.php/archives/author/noam" title="Posts by noam" rel="author">noam</a></span></span> </li> </ul> <div class="post-content"> <p>A <a href="http://xorl.wordpress.com/2009/07/17/linux-kernel-devnettun-null-pointer-dereference/">NULL reference vulnerability</a> in the <em>tun</em> source code of the Linux kernel has been discovered to be “immune” if the code is audited, and vulnerable once GCC has put into place its code optimizations.</p> <p>The vulnerability allows executing arbitrary code and gaining root access.</p> <p>An exploit has been released proving that the vulnerability is not just “theoretically” there, but can be actually exploited.</p> <p>Need we say <a href="http://www.beyondsecurity.com/black-box-testing.html">Black Box Fuzzing</a>? a API fuzzer such as <a href="http://www.beyondsecurity.com/comparison.html">beSTORM</a> would have easily caught as beSTORM can be told to open the /dev/net/tun driver and write data directly to it, one of the first tests it will preform will be the “old” nothing (NULL) data transfer.</p> <p>BTW: If you want to test the vulnerability on your kernel here is a code snip:</p><!-- Crayon Syntax Highlighter v2.7.1 --> <div id="crayon-55ea9c671ded8548776162" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate" data-settings=" minimize scroll-mouseover" style=" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;"> <div class="crayon-toolbar" data-settings=" mouseover overlay hide delay" style="font-size: 12px !important;height: 18px !important; line-height: 18px !important;"><span class="crayon-title"></span> <div class="crayon-tools" style="font-size: 12px !important;height: 18px !important; line-height: 18px !important;"><div class="crayon-button crayon-nums-button" title="Toggle Line Numbers"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-plain-button" title="Toggle Plain Code"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-wrap-button" title="Toggle Line Wrap"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-expand-button" title="Expand Code"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-copy-button" title="Copy"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-popup-button" title="Open Code In New Window"><div class="crayon-button-icon"></div></div></div></div> <div class="crayon-info" style="min-height: 16.8px !important; line-height: 16.8px !important;"></div> <div class="crayon-plain-wrap"><textarea wrap="soft" class="crayon-plain print-no" data-settings="dblclick" readonly style="-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;"> int fd; struct pollfd pfd; fd = open("/dev/net/tun", O_RDWR); pfd.fd = fd; pfd.events = POLLIN | POLLOUT; poll(&pfd, 1, 0);</textarea></div> <div class="crayon-main" style=""> <table class="crayon-table"> <tr class="crayon-row"> <td class="crayon-nums " data-settings="show"> <div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-55ea9c671ded8548776162-1">1</div><div class="crayon-num crayon-striped-num" data-line="crayon-55ea9c671ded8548776162-2">2</div><div class="crayon-num" data-line="crayon-55ea9c671ded8548776162-3">3</div><div class="crayon-num crayon-striped-num" data-line="crayon-55ea9c671ded8548776162-4">4</div><div class="crayon-num" data-line="crayon-55ea9c671ded8548776162-5">5</div><div class="crayon-num crayon-striped-num" data-line="crayon-55ea9c671ded8548776162-6">6</div></div> </td> <td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-55ea9c671ded8548776162-1"><span class="crayon-t">int</span><span class="crayon-h"> </span><span class="crayon-v">fd</span><span class="crayon-sy">;</span></div><div class="crayon-line crayon-striped-line" id="crayon-55ea9c671ded8548776162-2"><span class="crayon-t">struct</span><span class="crayon-h"> </span><span class="crayon-e">pollfd </span><span class="crayon-v">pfd</span><span class="crayon-sy">;</span></div><div class="crayon-line" id="crayon-55ea9c671ded8548776162-3"><span class="crayon-v">fd</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-e">open</span><span class="crayon-sy">(</span><span class="crayon-s">"/dev/net/tun"</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-v">O_RDWR</span><span class="crayon-sy">)</span><span class="crayon-sy">;</span></div><div class="crayon-line crayon-striped-line" id="crayon-55ea9c671ded8548776162-4"><span class="crayon-v">pfd</span><span class="crayon-sy">.</span><span class="crayon-v">fd</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-v">fd</span><span class="crayon-sy">;</span></div><div class="crayon-line" id="crayon-55ea9c671ded8548776162-5"><span class="crayon-v">pfd</span><span class="crayon-sy">.</span><span class="crayon-v">events</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-v">POLLIN</span><span class="crayon-h"> </span><span class="crayon-o">|</span><span class="crayon-h"> </span><span class="crayon-v">POLLOUT</span><span class="crayon-sy">;</span></div><div class="crayon-line crayon-striped-line" id="crayon-55ea9c671ded8548776162-6"><span class="crayon-e">poll</span><span class="crayon-sy">(</span><span class="crayon-o">&</span><span class="crayon-v">pfd</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-cn">1</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-cn">0</span><span class="crayon-sy">)</span><span class="crayon-sy">;</span></div></div></td> </tr> </table> </div> </div> <!-- [Format Time: 0.0012 seconds] --> <p></p> </div> <ul class="meta bottom"> <li class="cat post-tags"><a href="https://blogs.securiteam.com/index.php/archives/category/commentary" rel="category tag">Commentary</a> <a href="https://blogs.securiteam.com/index.php/archives/category/full-disclosure" rel="category tag">Full Disclosure</a> <a href="https://blogs.securiteam.com/index.php/archives/category/fuzzing" rel="category tag">Fuzzing</a></li> </ul> <ul class="meta sharer"> <li class="share-on"> <a target="blank" title="When+source+code+audit+fails" href="https://twitter.com/share?text=When+source+code+audit+fails%20-%20&url=https://blogs.securiteam.com/index.php/archives/1307" onclick="window.open('https://twitter.com/share?text=When+source+code+audit+fails%20-%20&url=https://blogs.securiteam.com/index.php/archives/1307','twitter','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class="twitter"> <i class="fa fa-twitter-square"></i><span class="i">Twitter</span> </a> </li> <li class="share-on"> <a href="http://pinterest.com/pin/create/button/?url=https://blogs.securiteam.com/index.php/archives/1307&media=&description=When+source+code+audit+fails" target="_blank" class=" pinterest offblack"> <i class="fa fa-pinterest-square"></i><span class="i">Pinterest</span> </a> </li> <li class="share-on"> <a target="blank" title="When+source+code+audit+fails" href="http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1307" onclick="window.open('http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1307','facebook','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class=" facebook "> <i class="fa fa-facebook-square"></i><span class="i">Facebook</span> </a> </li> <li class="share-on"> <a onclick="window.open('https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1307','gplusshare','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" href="https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1307" class=" googleplus offblack"> <i class="fa fa-google-plus-square"></i><span class="i">Google+</span> </a> </li> </ul> </div> </article> <article class="post-1300 post type-post status-publish format-standard hentry category-commentary category-culture category-fuzzing category-web" id="post-1300"> <div class="inner"> <h2 class="post-title entry-title"> <a href="https://blogs.securiteam.com/index.php/archives/1300" title="milw0rm will stay open, but needs your help"> milw0rm will stay open, but needs your help </a> </h2> <ul class="meta top"> <li class="time"> <a href="https://blogs.securiteam.com/index.php/archives/1300" title="milw0rm will stay open, but needs your help"><time class="post-date updated" datetime="2009-07-11">July 11, 2009 </time></a> </li> <li class="comments post-tags"> <a href="https://blogs.securiteam.com/index.php/archives/1300#comments">1 Comment</a> </li> <li class="author-m post-tags"> By <span class="vcard author post-author"><span class="fn"><a href="https://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a></span></span> </li> </ul> <div class="post-content"> <p>Seems like milw0rm will stay up for the near future. In an email from Str0ke, he wrote:</p> <blockquote><p>Way to[o] many people unhappy with me over the<br /> idea of closing shop.  I just needed help which I have alot of people to choose from now</p></blockquote> <p>So the good news, is that we’ll still see milw0rm posting information. But for all of you who were disappointed by milw0rm almost closing: if you want to see it stay open, here’s your chance to help. Just write to str0ke and offer him help – managing a vulnerability database is one of the best ways to gain expertise and learn the field. Plus, you’ll be helping a valuable resource, and making friends along the way.</p> <p>From a personal experience, I can very much recommend it. We started our own <a href="http://www.securiteam.com/">vulnerabilities database</a> much like milw0rm a while back, and it gave us the expertise to build a <a href="http://www.beyondsecurity.com/vulnerability-assessment.html">vulnerability scanner</a>, a <a href="http://www.beyondsecurity.com/beSTORM">fuzzer</a>, and build a profitable business while having fun doing it. So much so, that the original SecuriTeam team is still actively working on editing and posting information.</p> <p>So whether you are looking to sharpen your skills for fun or want to give a boost to your professional career, I highly recommend joining milw0rm (do it now, while str0ke is still accepting applications!)</p> </div> <ul class="meta bottom"> <li class="cat post-tags"><a href="https://blogs.securiteam.com/index.php/archives/category/commentary" rel="category tag">Commentary</a> <a href="https://blogs.securiteam.com/index.php/archives/category/culture" rel="category tag">Culture</a> <a href="https://blogs.securiteam.com/index.php/archives/category/fuzzing" rel="category tag">Fuzzing</a> <a href="https://blogs.securiteam.com/index.php/archives/category/web" rel="category tag">Web</a></li> </ul> <ul class="meta sharer"> <li class="share-on"> <a target="blank" title="milw0rm+will+stay+open%2C+but+needs+your+help" href="https://twitter.com/share?text=milw0rm+will+stay+open%2C+but+needs+your+help%20-%20&url=https://blogs.securiteam.com/index.php/archives/1300" onclick="window.open('https://twitter.com/share?text=milw0rm+will+stay+open%2C+but+needs+your+help%20-%20&url=https://blogs.securiteam.com/index.php/archives/1300','twitter','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class="twitter"> <i class="fa fa-twitter-square"></i><span class="i">Twitter</span> </a> </li> <li class="share-on"> <a href="http://pinterest.com/pin/create/button/?url=https://blogs.securiteam.com/index.php/archives/1300&media=&description=milw0rm+will+stay+open%2C+but+needs+your+help" target="_blank" class=" pinterest offblack"> <i class="fa fa-pinterest-square"></i><span class="i">Pinterest</span> </a> </li> <li class="share-on"> <a target="blank" title="milw0rm+will+stay+open%2C+but+needs+your+help" href="http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1300" onclick="window.open('http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1300','facebook','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class=" facebook "> <i class="fa fa-facebook-square"></i><span class="i">Facebook</span> </a> </li> <li class="share-on"> <a onclick="window.open('https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1300','gplusshare','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" href="https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1300" class=" googleplus offblack"> <i class="fa fa-google-plus-square"></i><span class="i">Google+</span> </a> </li> </ul> </div> </article> <article class="post-1216 post type-post status-publish format-standard hentry category-commentary category-fuzzing" id="post-1216"> <div class="inner"> <h2 class="post-title entry-title"> <a href="https://blogs.securiteam.com/index.php/archives/1216" title="SCTP fuzzing made easy"> SCTP fuzzing made easy </a> </h2> <ul class="meta top"> <li class="time"> <a href="https://blogs.securiteam.com/index.php/archives/1216" title="SCTP fuzzing made easy"><time class="post-date updated" datetime="2008-12-21">December 21, 2008 </time></a> </li> <li class="comments post-tags"> <span>Comments Off<span class="screen-reader-text"> on SCTP fuzzing made easy</span></span> </li> <li class="author-m post-tags"> By <span class="vcard author post-author"><span class="fn"><a href="https://blogs.securiteam.com/index.php/archives/author/noam" title="Posts by noam" rel="author">noam</a></span></span> </li> </ul> <div class="post-content"> <p>With the recent introduction of a native <a href="http://en.wikipedia.org/wiki/SCTP">SCTP</a> library into <a href="http://www.beyondsecurity.com/bestorm_overview.html">beSTORM</a> you can easily <a href="http://www.beyondsecurity.com/black-box-testing.html">fuzz</a> your SCTP based protocols with beSTORM.</p> <p>This includes all our existing protocols as well as SCTP dedicated protocols such as M3UA and MGCP.</p> <p>SCTP for those that aren’t familiar with it is a fairly common protocol in the VoIP and Telecommunication industry it sits upon IP and ‘replaces’ the TCP/UDP layers. It has several benefits over TCP and UDP but it is mainly used because it has been endorsed by the SIGTRAN group as the primary way of communication between two telecommunication providers.</p> </div> <ul class="meta bottom"> <li class="cat post-tags"><a href="https://blogs.securiteam.com/index.php/archives/category/commentary" rel="category tag">Commentary</a> <a href="https://blogs.securiteam.com/index.php/archives/category/fuzzing" rel="category tag">Fuzzing</a></li> </ul> <ul class="meta sharer"> <li class="share-on"> <a target="blank" title="SCTP+fuzzing+made+easy" href="https://twitter.com/share?text=SCTP+fuzzing+made+easy%20-%20&url=https://blogs.securiteam.com/index.php/archives/1216" onclick="window.open('https://twitter.com/share?text=SCTP+fuzzing+made+easy%20-%20&url=https://blogs.securiteam.com/index.php/archives/1216','twitter','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class="twitter"> <i class="fa fa-twitter-square"></i><span class="i">Twitter</span> </a> </li> <li class="share-on"> <a href="http://pinterest.com/pin/create/button/?url=https://blogs.securiteam.com/index.php/archives/1216&media=&description=SCTP+fuzzing+made+easy" target="_blank" class=" pinterest offblack"> <i class="fa fa-pinterest-square"></i><span class="i">Pinterest</span> </a> </li> <li class="share-on"> <a target="blank" title="SCTP+fuzzing+made+easy" href="http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1216" onclick="window.open('http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1216','facebook','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class=" facebook "> <i class="fa fa-facebook-square"></i><span class="i">Facebook</span> </a> </li> <li class="share-on"> <a onclick="window.open('https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1216','gplusshare','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" href="https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1216" class=" googleplus offblack"> <i class="fa fa-google-plus-square"></i><span class="i">Google+</span> </a> </li> </ul> </div> </article> <article class="post-1208 post type-post status-publish format-standard hentry category-commentary category-corporate-security category-culture category-full-disclosure category-fuzzing category-sec-tools" id="post-1208"> <div class="inner"> <h2 class="post-title entry-title"> <a href="https://blogs.securiteam.com/index.php/archives/1208" title="Fuzzing’s Impact on Vulnerability Discovery"> Fuzzing’s Impact on Vulnerability Discovery </a> </h2> <ul class="meta top"> <li class="time"> <a href="https://blogs.securiteam.com/index.php/archives/1208" title="Fuzzing’s Impact on Vulnerability Discovery"><time class="post-date updated" datetime="2008-12-18">December 18, 2008 </time></a> </li> <li class="comments post-tags"> <a href="https://blogs.securiteam.com/index.php/archives/1208#comments">1 Comment</a> </li> <li class="author-m post-tags"> By <span class="vcard author post-author"><span class="fn"><a href="https://blogs.securiteam.com/index.php/archives/author/jbrown" title="Posts by jbrown" rel="author">jbrown</a></span></span> </li> </ul> <div class="post-content"> <p><img alt="fuzzing" src="http://ecx.images-amazon.com/images/I/41RxE0SJEiL.jpg" /></p> <p>I just seen the <a title="new advisory" href="http://www.securityfocus.com/archive/1/499315/30/0/threaded">new advisory</a> for Opera, headlining a ‘memory corruption’ vulnerability that sounds like its triggered by specially crafted html construction, that is gathered from this almost incoherent ‘detailed’ description of the bug:</p> <p>“Certain HTML constructs affecting an internal heap structure. As a result of a pointer calculation, memory may be corrupted in such a way that an attacker could execute arbitrary code.”</p> <p>I often wonder when I see advisories like this if the vulnerabilities have been found by fuzzing.</p> <p>Another bug found in Adobe Flash Player that I also discuss <a title="new isec advisory for adobe" href="http://jbrownsec.blogspot.com/2008/11/new-isec-advisory-for-adobe.html">here</a>, found by <a title="iSEC Partners, Inc" href="http://www.isecpartners.com">iSEC</a>, looks also to be found by <a href="http://www.beyondsecurity.com/black-box-testing.html">fuzzing</a>, but more (nearly directly) implied in the advisory.</p> <p>“iSEC applied targeted fuzzing to the ActionScript 2 virtual machine used by the Adobe Flash player, and identified several issues which could lead to denial of service, information disclosure or code execution when parsing a malicious SWF file. The majority of testing occurred during 120 hours of automated SWF-specific fault injection testing in which several hundred unique control paths were identified that trigger bugs and/or potential vulnerabilities in the Adobe Flash Player. Paths leading to duplicate issues where condensed down to a number of unique problems in the Adobe Flash Player. The primary cause for these vulnerabilities appears to be simple failures in verifying the bounds of compartmentalized structures.”</p> <p>Now, both of these examples could have been found by other means than fuzzing, but I know every time I see scrupulous advisories like those it just makes me wonder. By the way, IMHO Fuzzing: Brute Force Vulnerability Discovery is a great book and a great read. Kudos to the swift, engineering authors as well.</p> <p>You can <a title="browse a list of fuzzers" href="http://packetstormsecurity.org/fuzzer/">browse a list of fuzzers</a> hosting by <a title="PacketStorm Security" href="http://www.packetstormsecurity.org">PacketStorm</a> to exercise your mind even more.</p> <p>So what do you think? Have <a href="http://www.beyondsecurity.com/black-box-testing.html">fuzzers</a>, being at the most ‘trivial’ to write in ideal conditions (well documented protocol, continued aggressive latency, etc), taken a strong hold in many security researcher’s work?</p> </div> <ul class="meta bottom"> <li class="cat post-tags"><a href="https://blogs.securiteam.com/index.php/archives/category/commentary" rel="category tag">Commentary</a> <a href="https://blogs.securiteam.com/index.php/archives/category/corporate-security" rel="category tag">Corporate Security</a> <a href="https://blogs.securiteam.com/index.php/archives/category/culture" rel="category tag">Culture</a> <a href="https://blogs.securiteam.com/index.php/archives/category/full-disclosure" rel="category tag">Full Disclosure</a> <a href="https://blogs.securiteam.com/index.php/archives/category/fuzzing" rel="category tag">Fuzzing</a> <a href="https://blogs.securiteam.com/index.php/archives/category/sec-tools" rel="category tag">Sec Tools</a></li> </ul> <ul class="meta sharer"> <li class="share-on"> <a target="blank" title="Fuzzing%26%238217%3Bs+Impact+on+Vulnerability+Discovery" href="https://twitter.com/share?text=Fuzzing%26%238217%3Bs+Impact+on+Vulnerability+Discovery%20-%20&url=https://blogs.securiteam.com/index.php/archives/1208" onclick="window.open('https://twitter.com/share?text=Fuzzing%26%238217%3Bs+Impact+on+Vulnerability+Discovery%20-%20&url=https://blogs.securiteam.com/index.php/archives/1208','twitter','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class="twitter"> <i class="fa fa-twitter-square"></i><span class="i">Twitter</span> </a> </li> <li class="share-on"> <a href="http://pinterest.com/pin/create/button/?url=https://blogs.securiteam.com/index.php/archives/1208&media=&description=Fuzzing%26%238217%3Bs+Impact+on+Vulnerability+Discovery" target="_blank" class=" pinterest offblack"> <i class="fa fa-pinterest-square"></i><span class="i">Pinterest</span> </a> </li> <li class="share-on"> <a target="blank" title="Fuzzing%26%238217%3Bs+Impact+on+Vulnerability+Discovery" href="http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1208" onclick="window.open('http://www.facebook.com/share.php?u=https://blogs.securiteam.com/index.php/archives/1208','facebook','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" class=" facebook "> <i class="fa fa-facebook-square"></i><span class="i">Facebook</span> </a> </li> <li class="share-on"> <a onclick="window.open('https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1208','gplusshare','width=450,height=300,left='+(screen.availWidth/2-375)+',top='+(screen.availHeight/2-150)+'');return false;" href="https://plus.google.com/share?url=https://blogs.securiteam.com/index.php/archives/1208" class=" googleplus offblack"> <i class="fa fa-google-plus-square"></i><span class="i">Google+</span> </a> </li> </ul> </div> </article> <nav class="pagination"> <ul> <li class="older-posts next-last"> <a href="https://blogs.securiteam.com/index.php/archives/category/fuzzing/" ><i class="fa fa-long-arrow-left"></i> <span>Previous</span></a> </li> <li class="newer-posts next-last"> <a href="https://blogs.securiteam.com/index.php/archives/category/fuzzing/page/3" ><span>Next</span> <i class="fa fa-long-arrow-right"></i></a> </li> </ul> </nav> </div> </section> <div class="sidebar" id="subnavigation"> <div class="widget side"> <div class="textwidget"><div class="fb-like" data-href="http://blogs.securiteam.com" data-send="true" data-width="400" data-show-faces="true"></div></div> </div><div class="widget side"> <div class="textwidget"><div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script></div> </div> <div class="widget side"> <h4>Most recent posts</h4> <ul> <li> <a href="https://blogs.securiteam.com/index.php/archives/2582">SSD Advisory – Multiple Dokeos Vulnerabilities</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2568">SSD Advisory – IMail Cross Site Scripting</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2576">SSD Advisory – HP iLO Format String</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2558">SSD Advisory – AppLock Multiple Vulnerabilities</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2557">SSD Advisory – Symantec NetBackup OpsCenter Server Java Code Injection RCE</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2501">SSD Advisory – Microsoft Office Word 2003/2007 Code Execution</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2552">SSD Advisory – Horde Groupware Files Application XSS</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2550">SSD Advisory – ZendXml Multibyte Payloads XXE/XEE</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2548">SSD Adivsory – QNAP QTS LDAP Authentication Remote Code Execution</a> </li> <li> <a href="https://blogs.securiteam.com/index.php/archives/2545">Oracle CSO is right</a> </li> </ul> </div><div class="widget side"> <div class="textwidget"><BR/><BR/><BR/><BR/><BR/><BR/><BR/></div> </div><div class="widget side"><h4>Archives</h4> <ul> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2015/09'>September 2015</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2015/08'>August 2015</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2015/07'>July 2015</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2015/06'>June 2015</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2015/05'>May 2015</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2015/01'>January 2015</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2014/08'>August 2014</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2014/06'>June 2014</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2014/05'>May 2014</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2014/04'>April 2014</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2014/03'>March 2014</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2014/02'>February 2014</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2014/01'>January 2014</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/12'>December 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/11'>November 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/10'>October 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/09'>September 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/08'>August 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/07'>July 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/06'>June 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/05'>May 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/04'>April 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/03'>March 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/02'>February 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2013/01'>January 2013</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/12'>December 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/11'>November 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/10'>October 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/09'>September 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/08'>August 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/07'>July 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/06'>June 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/05'>May 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/04'>April 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/03'>March 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/02'>February 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2012/01'>January 2012</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/12'>December 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/11'>November 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/10'>October 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/09'>September 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/08'>August 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/07'>July 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/06'>June 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/05'>May 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/04'>April 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/03'>March 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/02'>February 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2011/01'>January 2011</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/12'>December 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/11'>November 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/10'>October 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/09'>September 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/08'>August 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/07'>July 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/06'>June 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/05'>May 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/04'>April 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/03'>March 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/02'>February 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2010/01'>January 2010</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/12'>December 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/11'>November 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/10'>October 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/09'>September 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/08'>August 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/07'>July 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/06'>June 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/05'>May 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/04'>April 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/03'>March 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/02'>February 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2009/01'>January 2009</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/12'>December 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/11'>November 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/10'>October 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/09'>September 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/08'>August 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/07'>July 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/06'>June 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/05'>May 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/04'>April 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/03'>March 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/02'>February 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2008/01'>January 2008</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/12'>December 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/11'>November 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/10'>October 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/09'>September 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/08'>August 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/07'>July 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/06'>June 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/05'>May 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/04'>April 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/03'>March 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/02'>February 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2007/01'>January 2007</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/12'>December 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/11'>November 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/10'>October 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/09'>September 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/08'>August 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/07'>July 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/06'>June 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/05'>May 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/04'>April 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/03'>March 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/02'>February 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2006/01'>January 2006</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2005/12'>December 2005</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2005/11'>November 2005</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2005/10'>October 2005</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2005/09'>September 2005</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2005/08'>August 2005</a></li> <li><a href='https://blogs.securiteam.com/index.php/archives/date/2005/07'>July 2005</a></li> </ul> </div></div> </div><!-- /content-wrap --> <footer class="main-footer"> <div class="footer-wrap"> <div class="footer-left">© 2015 Textual. Built by <a href="http://www.meanthemes.com" target="_blank">MeanThemes</a></div> <div class="footer-right"> <a href="#top" id="btt"><i class="fa fa-chevron-up"></i><span class="i">Top</span></a> </div> </div> </footer> </div><!-- /wrap --> <script> var ie9 = false; </script> <!--[if lte IE 9 ]> <script> var ie9 = true; </script> <![endif]--> <script> var mobilePosition = 'right'; </script> <script type='text/javascript' src='https://blogs.securiteam.com/wp-content/themes/textual/assets/js/plugins/global-plugins.min.js?ver=1.0.2'></script> <script type='text/javascript' src='https://blogs.securiteam.com/wp-content/themes/textual/assets/js/scripts.min.js?ver=1.0.2'></script> <script type="text/javascript" id="slb_context">/* <![CDATA[ */if ( !!window.jQuery ) {(function($){$(document).ready(function(){if ( !!window.SLB ) { {$.extend(SLB, {"context":["public","user_guest"]});} }})})(jQuery);}/* ]]> */</script> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-29522810-1', 'auto'); ga('send', 'pageview'); </script> </body> </html>