Re: Re New Binary Bruteforcing Method Discovered

From: Jeff Schaller (schaller@freeshell.org)
Date: 03/28/02

• Previous message: mail;: "Re: Re New Binary Bruteforcing Method Discovered"
• In reply to: John: "Re: Re New Binary Bruteforcing Method Discovered"
• Next in thread: John: "Re: Re New Binary Bruteforcing Method Discovered"
• Reply: John: "Re: Re New Binary Bruteforcing Method Discovered"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 28 Mar 2002 01:21:38 +0000 (UTC)
From: Jeff Schaller <schaller@freeshell.org>
To: John <johns@tampabay.rr.com>

On Wed, 27 Mar 2002, John wrote:

> A while back there was a tool that was released that would brute force
> binaries and attempt to exploit the bug. It attempted to exploit simple
> stack overflows, but it was a nice tool at the time.
>
> http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0710.html

<two cents>
I wrote a paper for SANS last summer which surveyed the available
auditing tools (source code scanners, black box testers, and known
exploits). Against the simple target program I chose (Hobbit's
"webs"), the black-box testers failed miserably, for reasons that
I go into in the paper (basically, that they aren't
protocol-aware). Brute-force black-box scanners catch the
low-hanging fruit, bug-wise.

Direct URL (the report is the HTML file inside the ZIP file):
        http://www.giac.org/practical/Jeff_Schaller_GSNA.zip

Other reports available from:
        http://www.giac.org/GSNA.php
</two cents>

-jeff

-- 
Last week, scientists announced the first-ever cloning of a human embryo,
which they hope to mine for stem cells to treat diseases. What do you think?
"I think I'll just sit back and let the ignorant, hysterical Christians
handle this one." Peter Jordan, Systems Analyst. The Onion.

---

• Previous message: mail;: "Re: Re New Binary Bruteforcing Method Discovered"
• In reply to: John: "Re: Re New Binary Bruteforcing Method Discovered"
• Next in thread: John: "Re: Re New Binary Bruteforcing Method Discovered"
• Reply: John: "Re: Re New Binary Bruteforcing Method Discovered"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Heres your Red Cross.... ... spends 3.something percent to raise a dollar. ... something cents to raise a dollar. ... The point isn't that RC's figures are accurate, but that the faith-based orgs don't have to report the docs that allow calculation of the common stats that allow easy comparison. ... self-appointed, and VERY closely held org says if I can see evidence of good works. ... (rec.outdoors.fishing.fly) Re: Line Spacing? ... Understand what the On Print event is: When an Access report is run, ... "Rick" wrote in message ... > Okay I tried the VBA code and here's what I put in and I ... (microsoft.public.access.reports) Re: Delphi 2005 Blue Screening ... > onwards) when it tries to display an HTML file. ... try opening any old html file from D2005. ... as report number QC 9859. ... (borland.public.delphi.non-technical) Export Chart as HTML ... html file that I can load into Sharepoint for end users to view. ... report with the chart and I can print the report and export it as a snapshot ... not show the content of chart element? ... (microsoft.public.access.reports) Re: Export Chart as HTML ... an html file that I can load into Sharepoint for end users to view. ... have the report with the chart and I can print the report and export it ... Rick Brandt, Microsoft Access MVP ... (microsoft.public.access.reports)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-03