Gabby,

As a general rule, I am opposed to fuzz. Those that are prepubescent and/or lack the appropriate testosterone levels to develop full and bushy facial hair should leave matters to the professionals.

That said, I have been most impressed with the work of the markedly hairless Mssr. Pedram Amini and his Sulley Fuzzing Framework, located at http://www.fuzzing.org/wp-content/sulley.zip. I believe there was a Lebanese gentleman (also notably lacking in facial hair) from the NSA who created another popular fuzzing tool, but I believe it was primarily only for crashing Java applications and developing Python tutorials.

Your humble servant,
The vunts ja Valdis

On Fri, Mar 6, 2009 at 5:47 PM, <[email protected]> wrote:
> Dear list,
>
> Which fuzzer on this list will help me find the most security
> exploits?
>
> Thanks,
> -bm
>
> On Fri, 06 Mar 2009 18:37:01 -0500 Jeremy Brown
> <[email protected]> wrote:
>>Don't act like you've given any constructive advice to anyone in
>>your life.
>>
>>Thanks for trolling, please don't come again.
>>
>>On Fri, Mar 6, 2009 at 6:21 PM, Pete Licoln
>><[email protected]> wrote:
>>> Ok cool, then keep it up Jeremy.
>>> At least you won't be able to say no one told you.
>>>
>>> 2009/3/6 Jeremy Brown <[email protected]>
>>>>
>>>> I consider you a loser, Pete/Julio/Loser.
>>>>
>>>> On Fri, Mar 6, 2009 at 3:03 PM, Pete Licoln <[email protected]> wrote:
>>>> > Well .. what I say is true.
>>>> > If you can't argue on the subject then shut the hell up.
>>>> >
>>>> > 2009/3/6 Rubén Camarero <[email protected]>
>>>> >>
>>>> >> Don't satisfy this idiot with a response, that's what he likes..
>>>> >> Everybody knows Petie is a troll on every list just use google
>>>> >>
>>>> >> On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown <[email protected]>
>>>> >> wrote:
>>>> >>>
>>>> >>> The reason anyone writes a fuzzer is to find bugs. Those that I have
>>>> >>> written are of course for the same purpose as the 101 listed: to find
>>>> >>> security bugs. Your ideas are as meaningless and unhelpful as they
>>>> >>> have been in the past. You have no goal but to troll and try to make
>>>> >>> people look like fools, but you are clearly the ignorant one.
>>>> >>>
>>>> >>> What have you ever written? Let us see some of your code to poke fun
>>>> >>> of. If it is as imperfect as you then we'd have a day of fun.
>>>> >>>
>>>> >>> >What's hilarious is that none of them are useful :)
>>>> >>>
>>>> >>> http://www.milw0rm.com/author/1531
>>>> >>> http://www.milw0rm.com/author/1835
>>>> >>>
>>>> >>> 90% of the research above were found by fuzzing, and those are public.
>>>> >>> Clearly my fuzzers are useful.
>>>> >>>
>>>> >>> >You should really learn the protocol you want to fuzz, and develop a
>>>> >>> >strategy before you create anything else.
>>>> >>>
>>>> >>> Although mistakes are inevitable, and seeming how the stuff I write
>>>> >>> are pretty coherent to the protocol, your statements, once again, are
>>>> >>> unjustifiable. The strategy is simple: gather points of input, fuzz
>>>> >>> them, and watch for exceptions. Obviously.
>>>> >>>
>>>> >>> >Every fuzzer you've made uses the SAME way to "fuzz" for different
>>>> >>> > app/protocol.
>>>> >>>
>>>> >>> Because using a fuzzing oracle is a very good way to identify security
>>>> >>> bugs. Throwing random data will surely find lots of programming
>>>> >>> errors, but I want a shell.
>>>> >>>
>>>> >>> > The only change I see is your last fuzzer .. written in a different
>>>> >>> > language, but still the same way ...
>>>> >>>
>>>> >>> Yeah, I wrote it in C, and implemented a fuzzing oracle that way. I
>>>> >>> probably put 100 hours into it, and it gave back some nice return. As
>>>> >>> like the others.
>>>> >>>
>>>> >>> So, "what ever your real name is", I will continue to write fuzzers
>>>> >>> and exploits. If your comments are meant to bend my attitude or
>>>> >>> research rather than to troll, you don't have a chance, so get on with
>>>> >>> your life and I will get on with mine. What a conclusion.
>>>> >>>
>>>> >>> On Fri, Mar 6, 2009 at 10:22 AM, Pete Licoln <[email protected]>
>>>> >>> wrote:
>>>> >>> > What's hilarious is that none of them are useful :)
>>>> >>> > You should really learn the protocol you want to fuzz, and develop a
>>>> >>> > strategy before you create anything else.
>>>> >>> > Every fuzzer you've made uses the SAME way to "fuzz" for different
>>>> >>> > app/protocol.
>>>> >>> >
>>>> >>> > The only change I see is your last fuzzer .. written in a different
>>>> >>> > language, but still the same way ...
>>>> >>> >
>>>> >>> > 2009/3/5 Jeremy Brown <[email protected]>
>>>> >>> >>
>>>> >>> >> That is hilarious LOL!
>>>> >>> >>
>>>> >>> >> On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln
>>>> >>> >> <[email protected]>
>>>> >>> >> wrote:
>>>> >>> >> > 11 fuzzer matches for Jeremy Brown on this page LOL !
>>>> >>> >> >
>>>> >>> >> > 2009/3/5 Krakow Labs <[email protected]>
>>>> >>> >> >>
>>>> >>> >> >> Krakow Labs maintains a current list of security driven fuzzing
>>>> >>> >> >> technologies.
>>>> >>> >> >>
>>>> >>> >> >> http://www.krakowlabs.com/lof.html
>>>> >>> >> >>
>>>> >>> >> >> _______________________________________________
>>>> >>> >> >> Full-Disclosure - We believe in it.
>>>> >>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> >>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>> >>
>>>> >> --
>>>> >> Rubén Camarero
>>>> >> CCNA, CISSP
