Re: Re New Binary Bruteforcing Method Discovered
From: Jeff Schaller (schaller@freeshell.org)Date: 03/28/02
- Previous message: mail;: "Re: Re New Binary Bruteforcing Method Discovered"
- In reply to: John: "Re: Re New Binary Bruteforcing Method Discovered"
- Next in thread: John: "Re: Re New Binary Bruteforcing Method Discovered"
- Reply: John: "Re: Re New Binary Bruteforcing Method Discovered"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Mar 2002 01:21:38 +0000 (UTC) From: Jeff Schaller <schaller@freeshell.org> To: John <johns@tampabay.rr.com>
On Wed, 27 Mar 2002, John wrote:
> A while back there was a tool that was released that would brute force
> binaries and attempt to exploit the bug. It attempted to exploit simple
> stack overflows, but it was a nice tool at the time.
>
> http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0710.html
<two cents>
I wrote a paper for SANS last summer which surveyed the available
auditing tools (source code scanners, black box testers, and known
exploits). Against the simple target program I chose (Hobbit's
"webs"), the black-box testers failed miserably, for reasons that
I go into in the paper (basically, that they aren't
protocol-aware). Brute-force black-box scanners catch the
low-hanging fruit, bug-wise.
Direct URL (the report is the HTML file inside the ZIP file):
http://www.giac.org/practical/Jeff_Schaller_GSNA.zip
Other reports available from:
http://www.giac.org/GSNA.php
</two cents>
-jeff
-- Last week, scientists announced the first-ever cloning of a human embryo, which they hope to mine for stem cells to treat diseases. What do you think? "I think I'll just sit back and let the ignorant, hysterical Christians handle this one." Peter Jordan, Systems Analyst. The Onion.
- Previous message: mail;: "Re: Re New Binary Bruteforcing Method Discovered"
- In reply to: John: "Re: Re New Binary Bruteforcing Method Discovered"
- Next in thread: John: "Re: Re New Binary Bruteforcing Method Discovered"
- Reply: John: "Re: Re New Binary Bruteforcing Method Discovered"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|