lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4C07DDC2.6010602@morenops.com>
Date: Thu, 03 Jun 2010 18:52:18 +0200
From: Jon <jg@...enops.com>
To: webDEViL <w3bd3vil@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Egurra: A dumb file format fuzzer

2010/06/03 17:18(e)an, webDEViL(e)k idatzi zuen:
> Has this got anything different than filefuzz released years ago!
Yes it has. Not necessarily "better" features, but certainly different ones.

To start, it doesn't take a single input file and then mutate it. You
can build a pool of files that provide better code coverage in the
fuzzed binary than what a single file could achieve. Second, it doesn't
allow you to choose how much bytes and where and with what values to
mutate. Boldy, it mutates random amount bytes (adjusted to a certain
percent of the filesize, a.k.a fuzzfactor) with random values at random
places in the sample file that is randomly chosen from the sample pool.
Although less effective in short term, in the long term you can
potentially test all mutable posibilities. In this sense, the amount of
fuzzed code in the target increases alongside the computation time provided.

Most of this (and more) was explained in the post though.

-- 
jg - www.morenops.com



Download attachment "signature.asc" of type "application/pgp-signature" (553 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ