lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 6 Mar 2009 18:58:10 -0500
From: Pete Licoln <pete.licoln@...il.com>
To: bobby.mugabe@...h.com, full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: List of Fuzzers

Ask Jeremy he's fuzzer-man !
http://www.canmag.com/images/front/movies2007/hotfuzzposter5.jpg

2009/3/6 <bobby.mugabe@...h.com>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear list,
>
> Which fuzzer on this list will help me find the most security
> exploits?
>
> Thanks,
> - -bm
>
> On Fri, 06 Mar 2009 18:37:01 -0500 Jeremy Brown
> <0xjbrown41@...il.com> wrote:
> >Don't act like you've gave any constructive advice to anyone in
> >your life.
> >
> >Thanks for trolling, please don't come again.
> >
> >On Fri, Mar 6, 2009 at 6:21 PM, Pete Licoln
> ><pete.licoln@...il.com> wrote:
> >> Ok cool, then keep it up Jeremy.
> >> At least you wont be able to say no one told you.
> >>
> >> 2009/3/6 Jeremy Brown <0xjbrown41@...il.com>
> >>>
> >>> I consider you a loser, Pete/Julio/Loser.
> >>>
> >>> On Fri, Mar 6, 2009 at 3:03 PM, Pete Licoln
> ><pete.licoln@...il.com> wrote:
> >>> > Well .. what i say is true.
> >>> > If you cant argue on the subject then shut the hell up.
> >>> >
> >>> >
> >>> > 2009/3/6 Rubén Camarero <rjcamarero@...il.com>
> >>> >>
> >>> >> Dont satisfy this idiot with a response, thats what he
> >likes..
> >>> >> Everybody
> >>> >> knows Petie is a troll on every list just use google
> >>> >>
> >>> >> On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown
> ><0xjbrown41@...il.com>
> >>> >> wrote:
> >>> >>>
> >>> >>> The reason anyone writes a fuzzer is to find bugs. Those
> >that I have
> >>> >>> written are of course for the same purpose as the 101
> >listed: to find
> >>> >>> security bugs. Your ideas are as meaningless and unhelpful
> >as they
> >>> >>> have been in the past. You have no goal but to troll and
> >try to make
> >>> >>> people look like fools, but you are clearly the ignorant
> >one.
> >>> >>>
> >>> >>> What have you ever written? Let us see some of your code to
> >poke fun
> >>> >>> of. If it is as imperfect as you then we'd have a day of
> >fun.
> >>> >>>
> >>> >>> >What's hilarious is that none of them are usefull :)
> >>> >>>
> >>> >>> http://www.milw0rm.com/author/1531
> >>> >>> http://www.milw0rm.com/author/1835
> >>> >>>
> >>> >>> 90% of the research above were found by fuzzing, and those
> >are public.
> >>> >>> Clearly my fuzzers are useful.
> >>> >>>
> >>> >>> >You should really learn the protocol you want to fuzz, and
> >develop a
> >>> >>> >strategy before you create anything else.
> >>> >>>
> >>> >>> Although mistakes are inevitable, and seeming how the stuff
> >I write
> >>> >>> are pretty coherent to the protocol, your statements, once
> >again, are
> >>> >>> unjustifiable. The strategy is simple: gather points of
> >input, fuzz
> >>> >>> them, and watch for exceptions. Obviously.
> >>> >>>
> >>> >>> >Every fuzzer you've made use the SAME way to ""fuzz"" for
> >differents
> >>> >>> > app/protocol.
> >>> >>>
> >>> >>> Because using a fuzzing oracle is a very good way to
> >identify security
> >>> >>> bugs. Throwing random data will surely find lots of
> >programming
> >>> >>> errors, but I want a shell.
> >>> >>>
> >>> >>> > The only change i see is your last fuzzer .. written in a
> >different
> >>> >>> > language, but still the same way ...
> >>> >>>
> >>> >>> Yeah, I wrote it in C, and implemented a fuzzing oracle
> >that way. I
> >>> >>> probably put 100 hours into it, and it gave back some nice
> >return. As
> >>> >>> like the others.
> >>> >>>
> >>> >>> So, "what ever your real name is", I will continue to write
> >fuzzers
> >>> >>> and exploits. If you comments are meant to bend my attitude
> >or
> >>> >>> research rather than to troll, you don't have a chance, so
> >get on with
> >>> >>> your life and I will get on with mine. What a conclusion.
> >>> >>>
> >>> >>>
> >>> >>> On Fri, Mar 6, 2009 at 10:22 AM, Pete Licoln
> ><pete.licoln@...il.com>
> >>> >>> wrote:
> >>> >>> > What's hilarious is that none of them are usefull :)
> >>> >>> > You should really learn the protocol you want to fuzz,
> >and develop a
> >>> >>> > strategy before you create anything else.
> >>> >>> > Every fuzzer you've made use the SAME way to ""fuzz"" for
> >differents
> >>> >>> > app/protocol.
> >>> >>> >
> >>> >>> > The only change i see is your last fuzzer .. written in a
> >different
> >>> >>> > language, but still the same way ...
> >>> >>> >
> >>> >>> > 2009/3/5 Jeremy Brown <0xjbrown41@...il.com>
> >>> >>> >>
> >>> >>> >> That is hilarious LOL!
> >>> >>> >>
> >>> >>> >> On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln
> >>> >>> >> <pete.licoln@...il.com>
> >>> >>> >> wrote:
> >>> >>> >> > 11 fuzzers matchs for Jeremy Brown on this page LOL !
> >>> >>> >> >
> >>> >>> >> > 2009/3/5 Krakow Labs <krakowlabs@...il.com>
> >>> >>> >> >>
> >>> >>> >> >> Krakow Labs maintains a current list of security
> >driven fuzzing
> >>> >>> >> >> technologies.
> >>> >>> >> >>
> >>> >>> >> >> http://www.krakowlabs.com/lof.html
> >>> >>> >> >>
> >>> >>> >> >> _______________________________________________
> >>> >>> >> >> Full-Disclosure - We believe in it.
> >>> >>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >>> >>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>> >>> >> >
> >>> >>> >> >
> >>> >>> >> >
> >>> >>> >> > _______________________________________________
> >>> >>> >> > Full-Disclosure - We believe in it.
> >>> >>> >> > Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >>> >>> >> > Hosted and sponsored by Secunia - http://secunia.com/
> >>> >>> >> >
> >>> >>> >>
> >>> >>> >> _______________________________________________
> >>> >>> >> Full-Disclosure - We believe in it.
> >>> >>> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >>> >>> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>> >>> >
> >>> >>> >
> >>> >>> >
> >>> >>>
> >>> >>> _______________________________________________
> >>> >>> Full-Disclosure - We believe in it.
> >>> >>> Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >>> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>> >>
> >>> >>
> >>> >>
> >>> >> --
> >>> >> Rubén Camarero
> >>> >> CCNA, CISSP
> >>> >>
> >>> >> _______________________________________________
> >>> >> Full-Disclosure - We believe in it.
> >>> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >>> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>> >
> >>> >
> >>> > _______________________________________________
> >>> > Full-Disclosure - We believe in it.
> >>> > Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >>> > Hosted and sponsored by Secunia - http://secunia.com/
> >>> >
> >>>
> >>> _______________________________________________
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >>
> >>
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 3.0
>
> wpwEAQMCAAYFAkmxtgcACgkQT2/djsYXr/IXigQAgDdkR+dskgmYHYPQeCcKe3QlT7xf
> w0eZDSu0ecbO2vXy0oicANDezPfZDuadwtB6L8Cwoon04gfjVYxTr6GyyvW7hUmAaLt9
> 7GEL/Hh2/cL5rzSzz9mDNOUFrU0S8VanhMVvwjXKtFWNzAWiwfj26lvb8KVRlwfNGlP3
> gVnFnbE=
> =Sy3u
> -----END PGP SIGNATURE-----
>
> --
> Be a Certified Nursing Assistant. Get local training today.
>
> http://tagline.hushmail.com/fc/BLSrjkqoiOCPCoMRK9ZgmTNsCtwOZXGIyrzJkWo3YmH0IyTAFJVy7s9Krni/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ