Ask Jeremy he's fuzzer-man ! http://www.canmag.com/images/front/movies2007/hotfuzzposter5.jpg
2009/3/6 <[email protected]> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dear list, > > Which fuzzer on this list will help me find the most security > exploits? > > Thanks, > - -bm > > On Fri, 06 Mar 2009 18:37:01 -0500 Jeremy Brown > <[email protected]> wrote: > >Don't act like you've gave any constructive advice to anyone in > >your life. > > > >Thanks for trolling, please don't come again. > > > >On Fri, Mar 6, 2009 at 6:21 PM, Pete Licoln > ><[email protected]> wrote: > >> Ok cool, then keep it up Jeremy. > >> At least you wont be able to say no one told you. > >> > >> 2009/3/6 Jeremy Brown <[email protected]> > >>> > >>> I consider you a loser, Pete/Julio/Loser. > >>> > >>> On Fri, Mar 6, 2009 at 3:03 PM, Pete Licoln > ><[email protected]> wrote: > >>> > Well .. what i say is true. > >>> > If you cant argue on the subject then shut the hell up. > >>> > > >>> > > >>> > 2009/3/6 Rubén Camarero <[email protected]> > >>> >> > >>> >> Dont satisfy this idiot with a response, thats what he > >likes.. > >>> >> Everybody > >>> >> knows Petie is a troll on every list just use google > >>> >> > >>> >> On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown > ><[email protected]> > >>> >> wrote: > >>> >>> > >>> >>> The reason anyone writes a fuzzer is to find bugs. Those > >that I have > >>> >>> written are of course for the same purpose as the 101 > >listed: to find > >>> >>> security bugs. Your ideas are as meaningless and unhelpful > >as they > >>> >>> have been in the past. You have no goal but to troll and > >try to make > >>> >>> people look like fools, but you are clearly the ignorant > >one. > >>> >>> > >>> >>> What have you ever written? Let us see some of your code to > >poke fun > >>> >>> of. If it is as imperfect as you then we'd have a day of > >fun. > >>> >>> > >>> >>> >What's hilarious is that none of them are usefull :) > >>> >>> > >>> >>> http://www.milw0rm.com/author/1531 > >>> >>> http://www.milw0rm.com/author/1835 > >>> >>> > >>> >>> 90% of the research above were found by fuzzing, and those > >are public. > >>> >>> Clearly my fuzzers are useful. > >>> >>> > >>> >>> >You should really learn the protocol you want to fuzz, and > >develop a > >>> >>> >strategy before you create anything else. > >>> >>> > >>> >>> Although mistakes are inevitable, and seeming how the stuff > >I write > >>> >>> are pretty coherent to the protocol, your statements, once > >again, are > >>> >>> unjustifiable. The strategy is simple: gather points of > >input, fuzz > >>> >>> them, and watch for exceptions. Obviously. > >>> >>> > >>> >>> >Every fuzzer you've made use the SAME way to ""fuzz"" for > >differents > >>> >>> > app/protocol. > >>> >>> > >>> >>> Because using a fuzzing oracle is a very good way to > >identify security > >>> >>> bugs. Throwing random data will surely find lots of > >programming > >>> >>> errors, but I want a shell. > >>> >>> > >>> >>> > The only change i see is your last fuzzer .. written in a > >different > >>> >>> > language, but still the same way ... > >>> >>> > >>> >>> Yeah, I wrote it in C, and implemented a fuzzing oracle > >that way. I > >>> >>> probably put 100 hours into it, and it gave back some nice > >return. As > >>> >>> like the others. > >>> >>> > >>> >>> So, "what ever your real name is", I will continue to write > >fuzzers > >>> >>> and exploits. If you comments are meant to bend my attitude > >or > >>> >>> research rather than to troll, you don't have a chance, so > >get on with > >>> >>> your life and I will get on with mine. What a conclusion. > >>> >>> > >>> >>> > >>> >>> On Fri, Mar 6, 2009 at 10:22 AM, Pete Licoln > ><[email protected]> > >>> >>> wrote: > >>> >>> > What's hilarious is that none of them are usefull :) > >>> >>> > You should really learn the protocol you want to fuzz, > >and develop a > >>> >>> > strategy before you create anything else. > >>> >>> > Every fuzzer you've made use the SAME way to ""fuzz"" for > >differents > >>> >>> > app/protocol. > >>> >>> > > >>> >>> > The only change i see is your last fuzzer .. written in a > >different > >>> >>> > language, but still the same way ... > >>> >>> > > >>> >>> > 2009/3/5 Jeremy Brown <[email protected]> > >>> >>> >> > >>> >>> >> That is hilarious LOL! > >>> >>> >> > >>> >>> >> On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln > >>> >>> >> <[email protected]> > >>> >>> >> wrote: > >>> >>> >> > 11 fuzzers matchs for Jeremy Brown on this page LOL ! > >>> >>> >> > > >>> >>> >> > 2009/3/5 Krakow Labs <[email protected]> > >>> >>> >> >> > >>> >>> >> >> Krakow Labs maintains a current list of security > >driven fuzzing > >>> >>> >> >> technologies. > >>> >>> >> >> > >>> >>> >> >> http://www.krakowlabs.com/lof.html > >>> >>> >> >> > >>> >>> >> >> _______________________________________________ > >>> >>> >> >> Full-Disclosure - We believe in it. > >>> >>> >> >> Charter: http://lists.grok.org.uk/full-disclosure- > >charter.html > >>> >>> >> >> Hosted and sponsored by Secunia - http://secunia.com/ > >>> >>> >> > > >>> >>> >> > > >>> >>> >> > > >>> >>> >> > _______________________________________________ > >>> >>> >> > Full-Disclosure - We believe in it. > >>> >>> >> > Charter: http://lists.grok.org.uk/full-disclosure- > >charter.html > >>> >>> >> > Hosted and sponsored by Secunia - http://secunia.com/ > >>> >>> >> > > >>> >>> >> > >>> >>> >> _______________________________________________ > >>> >>> >> Full-Disclosure - We believe in it. > >>> >>> >> Charter: http://lists.grok.org.uk/full-disclosure- > >charter.html > >>> >>> >> Hosted and sponsored by Secunia - http://secunia.com/ > >>> >>> > > >>> >>> > > >>> >>> > > >>> >>> > >>> >>> _______________________________________________ > >>> >>> Full-Disclosure - We believe in it. > >>> >>> Charter: http://lists.grok.org.uk/full-disclosure- > >charter.html > >>> >>> Hosted and sponsored by Secunia - http://secunia.com/ > >>> >> > >>> >> > >>> >> > >>> >> -- > >>> >> Rubén Camarero > >>> >> CCNA, CISSP > >>> >> > >>> >> _______________________________________________ > >>> >> Full-Disclosure - We believe in it. > >>> >> Charter: http://lists.grok.org.uk/full-disclosure- > >charter.html > >>> >> Hosted and sponsored by Secunia - http://secunia.com/ > >>> > > >>> > > >>> > _______________________________________________ > >>> > Full-Disclosure - We believe in it. > >>> > Charter: http://lists.grok.org.uk/full-disclosure- > >charter.html > >>> > Hosted and sponsored by Secunia - http://secunia.com/ > >>> > > >>> > >>> _______________________________________________ > >>> Full-Disclosure - We believe in it. > >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >>> Hosted and sponsored by Secunia - http://secunia.com/ > >> > >> > >> > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Charset: UTF8 > Note: This signature can be verified at https://www.hushtools.com/verify > Version: Hush 3.0 > > wpwEAQMCAAYFAkmxtgcACgkQT2/djsYXr/IXigQAgDdkR+dskgmYHYPQeCcKe3QlT7xf > w0eZDSu0ecbO2vXy0oicANDezPfZDuadwtB6L8Cwoon04gfjVYxTr6GyyvW7hUmAaLt9 > 7GEL/Hh2/cL5rzSzz9mDNOUFrU0S8VanhMVvwjXKtFWNzAWiwfj26lvb8KVRlwfNGlP3 > gVnFnbE= > =Sy3u > -----END PGP SIGNATURE----- > > -- > Be a Certified Nursing Assistant. Get local training today. > > http://tagline.hushmail.com/fc/BLSrjkqoiOCPCoMRK9ZgmTNsCtwOZXGIyrzJkWo3YmH0IyTAFJVy7s9Krni/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
