Posts:

HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing

Vulnerability Hunting

Active security testing, Fabien explains, is the process of generating inputs which travel in the application, hit a sink and violate a property. It applies to all kinds of vulnerabilities, not just limited to buffer overflows Read more

HITB2014AMS – Day 1 – Keynote 1: Security at the End of the Universe

Good morning friends,  welcome to Hack In The Box 2014, hosted at “De Beurs van Berlage” in the beautiful city of Amsterdam.   This year’s edition starts with a keynote by Katie Moussouris, previous lead at Microsoft Security Read more

BlackHatEU2013 – Day2 – The Sandbox Roulette: Are you ready to ramble

Good morning friends,

I’d like to welcome you back on this second day of BlackHat Europe 2013.  Day 1 has been pretty interesting, so let’s see how day 2 goes (especially after Rapid7 and IOActive parties last night). Read more

Root Cause Analysis – Memory Corruption Vulnerabilities

Introduction

For the past year or so I’ve spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes.  Early on in my research I quickly realized that building fuzzers and generating large quantities Read more

HITB2012AMS Day 2 – Taint Analysis

Automatically Searching for Vulnerabilities: How to use Taint Analysis to find Security Flaws

(by Alex Bazhanyuk (not present) and Nikita Tarakanov, Reverse Engineers, CISS)

Nikita explains they have been working on reversing binaries and auditing source code for a Read more

BlackHat EU 2012 – Day 3

Good morning,

Since doing live-blogging seemed to work out pretty well yesterday, I’ll do the same thing again today.  Please join in for day 3 at BlackHat Europe 2012, in a cloudy and rainy Amsterdam.

The first talk Read more

BlackHat Europe 2011 / Day 02

Having missed the IOActive party last night, I woke up fresh and sharp and ready for some kick-ass debugger stuff so I decided to start my second day at BlackHat Europe 2011 with attending the Cisco IOS fuzzing & debugging talk. Read more

Metasploit module : HTTP Form field fuzzer

Introduction

About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks.

This new module can be used to audit Read more

In Memory Fuzzing

Introduction

In memory fuzzing is a technique that allows the analyst to bypass parsers; network-related limitations such as max connections, built-in IDS or flooding protection; encrypted or unknown (poorly documented) protocol in order to fuzz the actual underlying assembly Read more
