Search Results for: fuzzing
HITB2012AMS Day 1 – Window Shopping
Window Shopping: Browser Bugs Hunting in 2012 In the last talk of Day 1, Roberto Suggi Liverani and Scott Bell (not present during the presentation), security consultants at Security-Assessment.com, will share the results of some intensive browser bug hunting research, and will drop 5 0days. Roberto starts by apologizing about the fact that Scott was not […]
BlackHat EU 2012 – Day 3
Good morning, Since doing live-blogging seemed to work out pretty well yesterday, I’ll do the same thing again today. Please join in for day 3 at BlackHat Europe 2012, in a cloudy and rainy Amsterdam. The first talk I attended today was : “Secure Password Managers” and “Military Grade Encryption” on Smartphones Andrey Belenko and […]
BlackHat Europe 2011 / Day 02
Having missed the IOActive party last night, I woke up fresh and sharp and ready for some kick-ass debugger stuff so I decided to start my second day at BlackHat Europe 2011 with attending the Cisco IOS fuzzing & debugging talk.
Continue reading
BlackHat Europe 2011 / Preview
Things change.
11 months have passed since a lot of people found themselves trapped all over Europe (including Barcelona) because of a little volcano ash cloud thingy.
This is 2011.
This time BlackHat anticipated and outsmarted nature by rescheduling the Europe briefings to march (instead of april).
Continue reading
Metasploit module : HTTP Form field fuzzer
Introduction About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks. This new module can be used to audit web servers/web server plugins/components/filters, by fuzzing form fields and optionally fuzz some header fields. While this […]
Death of an ftp client / Birth of Metasploit modules
Over the past few weeks, Corelan Team has given its undivided attention to fuzzing ftp client applications.
Using a custom built ftp client fuzzer, now part of the Metasploit framework, the team has audited several ftp clients and applications that use an embedded client ftp component. One example of such an application is a tool that would synchronize / backup data from a computer to a remote ftp server.
The 3 main audit/attack vectors that were used during the “project” were
send back overly long responses to ftp commands / requests sent by the ftp client to the server
send back a file/directory listing that contains overly long file/folder names
try to download a file that has an overly long filename.
Continue reading
Blackhat Europe 2010 Barcelona – Day 10
I got up early this morning, trying to be sharp and well prepared for day 2 of the BlackHat briefings. As some of you may know, I’m not really a morning person, so I usually need some time to wake up and wait until all components in my body start functioning again. After one day […]
About me
Hi, My name is Peter Van Eeckhoutte. I was born in 1975 and spent my childhood in a small town called Vichte, Belgium. 14 years later, I got my first computer and about 5 years later I started working in a computer shop where I was responsible for the technical department, servers/network installations, etc… I […]
Simple FTP Fuzzer – Metasploit Module
If you want to show your respect for my free tools and free support, please consider a small donation : Download : Update (July 2010) : the ftp fuzzer has been merged into the Metasploit tree. You do no longer need to download the script here. If you are using the latest version of Metasploit […]
Donate
Your donation will help funding server hosting.
