Hi,
I am happy to see the answer of my mail. I thought this mailing list is dead since I have perhaps mailed my mail one month back and i got the answer now :). and not even a single person has posted on this mailing list since then. any way. thanks for the reply.
>One should also obtain older versions of code
>with known vulnerabilities for experimentation.
>with known vulnerabilities for experimentation.
I am experimenting alot these days with different application with known vulnerabilities. even i have triggered the bugs in some and wrote my own version of exploit in order to know how the things work.
I am interested in learning Black box testing with dynamic analysis since there are many black box application with vulnerabilities and i think the application with source code available has already been statically tested and been cleaned of all sorf of bugs. so the chances of
success with black box testing is more then the white box testing.
I am spending perhaps 15 to 18 hours infront of pc trying different things and i am desprate to see things crashing because of new bugs but i got lot of false positivies(bugs already discovered in this case ;) ). Once i was fuzzing one of the application and in the process my olly dubugger itself crashed. I thought hurray! i found a bug in olly debugger itself lets go to work. further analysis revealed that it was a format string buffer overflow but i thought wait a minute some one might have already discovered that bug and googling confirmed my speculation. yet atleast i am learning how things are working and learning day by day. :)
Lets see when first of my bug makes it to the public disclosure before the days of buffer overflows is over. :)
Bye
Tauqeer.
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
_______________________________________________ darklab mailing list [email protected] http://lists.darklab.org/cgi-bin/mailman/listinfo/darklab
