The document discusses fuzz testing or fuzzing, which is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program to test for security vulnerabilities or crashes. It provides examples of fuzzing network protocols like HTTP and fuzzing file formats. It also discusses different types of fuzzers and provides an example of vulnerable source code and a simple fuzzing scheme to test it.
The presentation was given at Seattle CodeCamp 2012 and covers Fuzz Testing.
Provides details on what fuzzing is, why it is so effective and how to fuzz test your application.
American Fuzzy Lop (AFL) is a security-oriented fuzz testing tool.
In this talk, I demonstrate how dead-simple AFL is to use. I show how I used it to fuzz a Python library, discovering a subtle bug in the process.
Malware Detection Using Machine Learning - Shubham Dubey
Malware detection is an important factor in the security of the computer systems. However, currently utilized signature-based methods cannot provide accurate detection of zero-day attacks and polymorphic viruses. That is why the need for machine learning-based detection arises.
Fuzzing can be an effective way to uncover bugs and vulnerabilities. Bug bounty hunters, penetration testers and developers can all benefit from this quick and efficient technique.
## Talk delivered at artintoscience.com ##
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security researcher at Splunk, co-founder of Zenedge (now part of Oracle), and Security Architect at Akamai, I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots have been an extremely useful tool (at times better than threat intel) for capturing and studying active malicious actors.
In this talk, I aim to provide an introduction to honeypots and explain some of the experiences and lessons learned we have had running Cowrie, a medium-interaction SSH honeypot based on Kippo: how we modified Cowrie to make it more realistic and mimic the systems and attacks we are trying to capture, as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use the Cowrie honeypot as a defense mechanism in their organization. We will also share techniques for modifying Cowrie so that it masquerades as different systems and vulnerabilities, mimicking the asset(s) being defended. Finally, we will share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots, and why.
Vulnerabilities in modern web applications - Niyas Nazar
Microsoft PowerPoint presentation for a BTech academic seminar. This seminar discusses penetration testing, penetration testing tools, web application vulnerabilities, the impact of vulnerabilities and security recommendations.
Part 1
- Introduction
- Application for Anomaly Detection
- AIOps
- GraphDB
Part 2
- Type Of Anomaly Detection
- How to Identify Outliers in your Data
Part 3
- Anomaly Detection for Timeseries Technique
Complete coverage of CISSP 7th Chapter - Security Operations. I have made sure to cover all topics from three books in this presentation. For corrections, clarifications, please feel free to reach me.
Do you know the internal signs of a compromise? This deck takes you through the process our Mandiant services teams go through to help discover if an organization has been compromised. You can also view the full webinar here: https://www.brighttalk.com/webcast/10703/187133?utm_source=SS
How to Hunt for Lateral Movement on Your Network - Sqrrl
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
This is a draft presentation of a video lesson taken from the course "Digital forensics with Kali Linux" published by Packt Publishing in May 2017: https://www.packtpub.com/networking-and-servers/digital-forensics-kali-linux
This presentation introduces the fundamentals of the forensic image acquisition process, explaining concepts like hardware and software write blocking, the physical and logical structure of hard disks and the different forensic image formats.
The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques that threat hunters and threat analysts follow for threat modelling; it can be used for adversary emulation and for attack defence. Cybersecurity analysts widely use it to frame an attack in terms of the tactics and techniques it employs.
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015 - Jeremy Brown
The web client is critical software to secure from any perspective. No matter if you're an organization or a casual client, you're typically just as vulnerable as anyone else. OSes are often supplemented with hardening toolsets or built-in mitigations as an extra measure to avoid compromise, but as with all things, they aren't completely solid either. Thus the need for systems that break systems, some of which deploy fuzzing and almost all of them work to find implementation bugs. Browser fuzzing has been explored and improved in many different ways over the past several years. In this presentation, we'll be primarily talking about a mutation engine that provides a somewhat novel technique for finding bugs in a still-ripe attack surface: the browser's rendering engine. This technique has the flexibility to be applied even more broadly than browsers, for example, there's initial support for fuzzing PDF readers. We'll also be discussing the tooling and infrastructure areas of the process, detailing what's needed to build a system that will scale and enable your fuzzing strategies to be successful. Finally, we can conclude the talk with some incubation results and how you can start making use of these fuzzing techniques today to find the bugs you need to exploit browsers or identify and fix the code responsible for each vulnerability.
2011 CodeEngn Conference 05
DBI stands for Dynamic Binary Instrumentation: a method of inserting arbitrary code, written for a special purpose, into a running process or program. With it one can handle dynamically generated code, locate specific code, analyse a running process, and so on. It is mainly used in computer architecture research and in program and thread analysis. This talk looks at DBI through the concept of taint analysis, the various tools and how to use them, simple examples, and analysis of recent vulnerabilities.
http://codeengn.com/conference/05
RIoT (Raiding Internet of Things) by Jacob Holcomb - Priyanka Aash
The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform.
Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security.
To sign up (it's free): www.cisoplatform.com
Fuzzing and You: Automating Whitebox Testing - NetSPI
Fuzzing is easy, but getting useful information from fuzzing isn’t. ‘Spray and pray’ might get some results, but a set of well-designed tests will get much better results faster. Unfortunately, the job doesn’t end there. Fuzzing doesn’t find vulnerabilities; fuzzing finds unexpected behavior. Interpreting that unexpected behavior relies on understanding the application you’re fuzzing and the tests you’ve designed. This presentation will discuss techniques for creating tests targeted towards uncovering specific behavior, including authorization bypasses, directory traversals, and buffer overflows.
Splunk is a powerful platform that can harness your machine data and turn it into valuable information, enabling your business to make informed decisions and taking your organization from reactive to proactive. Like any other platform, Splunk is only as powerful as the data it has access to, so in this session we will walk through how to successfully on-board data, with samples ranging from simple to complex. We will also look at how to use common TAs (technology add-ons) to bring valuable data into Splunk. This session is designed to give you a better understanding of how to onboard data into Splunk, enabling you to unlock the power of your data.
Attackers don't just search for technology vulnerabilities; they take the easiest path and find the human vulnerabilities. Drive-by web attacks, targeted spear phishing, and more are commonplace today, with the goal of delivering custom malware. In a world where custom advanced malware handily evades signature and blacklisting approaches and does not depend on application software vulnerabilities, how do we know when our environments are compromised? What are the telltale signs that compromise activity has started, and how can we move to arrest a compromise in progress before the attacker moves laterally and reinforces their position? The penetration testing community knows these signs and artifacts of advanced malware presence, and it is up to us to help educate defenders on what to look for.
"Backoff" Malware: How to Know If You're Infected - Tripwire
The US-CERT organization recently updated its Alert TA14-212A, which warns that Point-of-Sale (POS) memory-scraping malware has been found in 3 separate forensic investigations. The Secret Service estimates over 1000+ businesses of all types that accept credit card transactions may be affected. Most may not know it yet.
Join us to learn key “Indicators of Compromise” (IOCs) for Backoff, and what you can do about it.
7. Software Security Analysis
• Static analysis:
  – Approach for verifying software (including finding defects) without executing it
  • Source code vulnerability scanning tools, code inspections, etc.
• Dynamic analysis:
  – Approach for verifying software (including finding defects) by executing it on specific inputs and checking the results against an expected outcome (the "oracle")
  • Functional testing, fuzz testing, etc.
• Hybrid analysis:
  – Combines the above approaches
• Operational:
  – Tools used in the operational setting
  • Minimize risks, report information back, etc.
  • Themselves may be static, dynamic or hybrid; often dynamic
SSP, Sorena Secure Processing
8. Fuzzing in Wikipedia
"Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems. It is a form of random testing which has been used for testing hardware or software"
9. Fuzz testing history
• Fuzz testing concept from Barton Miller’s 1988
class project at the University of Wisconsin
– Project created “fuzzer” to test reliability of
command-line Unix programs
– Repeatedly generated random data for them until
crash/hang
– Later expanded for GUIs, network protocols, etc.
• Approach quickly found a number of defects
• Many tools & approach variations created since
10. Fuzzing in brief
• A form of vulnerability analysis and testing
• Many slightly anomalous test cases are input
into the target application
• Application is monitored for any sign of error
14. FileFuzz: Identify target
• Application vs. file type
– One file type multiple targets
• Vendor history
– Past vulnerabilities
• High risk targets
– Default file handlers
• Windows Explorer
• Windows Registry
– Commonly traded file types
• Media files
• Office documents
• Configuration files
FileFuzz process (the phase sidebar shown on each FileFuzz slide):
• Identify target
• Identify inputs
• Generate fuzzed data
• Execute fuzzed data
• Monitor for exceptions
• Determine exploitability
15. FileFuzz: Identify inputs
• Proprietary vs. open formats
– Vendor documents
– Wotsit.org
– Google
• Binary files
– e.g. images, video, audio, office
documents, etc.
– Headers vs. data
• Text files
– e.g. *.ini, *.inf, *.xml
– Name/value pairs
16. FileFuzz: Generate fuzzed data
• Binary files
– Breadth (All or Range)
• Identify potential weaknesses
FF FF FF FF 00 00 DB FE 0B 00 C5 00 00 01 E8 03 ; ÿÿÿÿ..Ûþ..Å...è.
D7 FF FF FF FF 00 DB FE 0B 00 C5 00 00 01 E8 03 ; ×ÿÿÿÿ.Ûþ..Å...è.
D7 CD FF FF FF FF DB FE 0B 00 C5 00 00 01 E8 03 ; ×ÍÿÿÿÿÛþ..Å...è.
– Depth
• Determine level of
control/influence
D7 CD FD 9A 00 00 DB FE 0B 00 C5 00 00 01 E8 03 ; ×Íýš..Ûþ..Å...è.
D7 CD FE 9A 00 00 DB FE 0B 00 C5 00 00 01 E8 03 ; ×Íþš..Ûþ..Å...è.
D7 CD FF 9A 00 00 DB FE 0B 00 C5 00 00 01 E8 03 ; ×Íÿš..Ûþ..Å...è.
• Text Files
– name = value
file_size = 10
file_size = AAAAA
file_size = AAAAAAAAAA
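The breadth and depth passes over a binary file, and the name = value pass over a text file, as an added example (not FileFuzz's own code). The 16-byte sample is constructed from the hex dump above; the byte at offset 2 is an assumption, since the dump only shows it already mutated.

```python
import re

# Constructed 16-byte sample modelled on the slide's hex dump; the byte at
# offset 2 is an assumption, since the slide only shows it already mutated.
SAMPLE = bytes.fromhex("D7CD009A0000DBFE0B00C5000001E803")

def hexline(data):
    """Render bytes the way the slide's dump does: 'D7 CD 00 9A ...'."""
    return " ".join("%02X" % b for b in data)

def breadth_mutations(data, pattern=b"\xff\xff\xff\xff", start=0, end=None):
    """Breadth pass ("All or Range"): slide `pattern` across every offset in
    [start, end), yielding (offset, mutated). Overwriting each region in turn
    shows which fields the parser trusts, i.e. where the weaknesses may be."""
    end = len(data) if end is None else min(end, len(data))
    for off in range(start, end):
        mutated = bytearray(data)
        mutated[off:off + len(pattern)] = pattern[:len(data) - off]
        yield off, bytes(mutated)

def depth_mutations(data, offset, values=range(256)):
    """Depth pass: hold one offset fixed and try many values there, to learn
    how much control that byte gives over the target's behaviour."""
    for value in values:
        mutated = bytearray(data)
        mutated[offset] = value
        yield value, bytes(mutated)

def name_value_mutations(text, name, lengths=(5, 10, 100, 1000)):
    """Text-file pass: replace the value of `name = value` with 'A' * n,
    leaving the rest of the file intact (e.g. file_size = AAAAA)."""
    pattern = re.compile(r"^(\s*%s\s*=\s*)(.*)$" % re.escape(name), re.M)
    for n in lengths:
        yield n, pattern.sub(lambda m: m.group(1) + "A" * n, text)

if __name__ == "__main__":
    for off, case in breadth_mutations(SAMPLE, end=3):
        print("breadth offset %2d: %s" % (off, hexline(case)))
    for value, case in depth_mutations(SAMPLE, 2, (0xFD, 0xFE, 0xFF)):
        print("depth value 0x%02X: %s" % (value, hexline(case)))
    for n, case in name_value_mutations("file_size = 10\n", "file_size", (5, 10)):
        print(case.strip())
```

Each mutated case is written to its own file and fed to the target in the execute phase; the file length never changes, so the breadth pass only moves the anomaly, not the layout.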
17. FileFuzz: Execute fuzzed data
• Command line arguments
– Windows explorer
• Tools… Folder Options… File Types
18. FileFuzz: Monitor for exceptions
• Visual
– Error messages
– Blue screen
• Event logs
– System logs
– Application logs
• Debuggers
• Return codes
• Debugging API
20. FileFuzz: Determine exploitability
• Skills
– Disassembly, debugging
• Vulnerability types
– Stack overflow, heap overflow, integer handling, etc.
• Overflows
• Signedness
– DoS
• Out of bounds reads
• Infinite loops
• NULL pointer dereferences
– Logic errors
• Windows WMF vulnerability (MS06-001)
– Format strings, Race conditions
21. FileFuzz
FileFuzz is a graphical, Windows-based file format fuzzing tool. FileFuzz was designed to automate the creation of abnormal file formats and the execution of applications handling these files. FileFuzz also has built-in debugging capabilities to detect exceptions resulting from the fuzzed file formats.
23. Type of Fuzzers
• File Fuzzers: as the name implies, fuzzers that target file formats only. They do not have the ability to speak any network protocol.
• Network Fuzzers: fuzzers that target only network protocols. There are a lot of these, as the discovery of network-based vulnerabilities has always attracted a lot of attention.
• General Fuzzers: following our captain-obvious theme, fuzzers that can target a wide variety of targets, typically both file and network, and also others via custom I/O interfaces, for example COM, shared libraries, RPC, etc.
• Custom or One-off Fuzzers: custom-written fuzzers that target a specific format or network protocol. Typically these are hand written, many times by testers. Custom fuzzers vary widely in how good their data mutation/generation is. For the purposes of this document we will not examine any custom or one-off fuzzers.
• API Fuzzers, Hardware Fuzzers and dozens of other kinds of fuzzers: there is no limit to the subject… (Chapter 5, Page 161-166)
24. Type of Fuzzers…
There is no limit; intuitively, I have to say:
Where there is an input, there is fuzz…
One undeniable fact:
Before you start your cool fuzzing, please formally describe your target first.
25. Example
• Standard HTTP GET request
– GET /index.html HTTP/1.1
• Anomalous requests
– AAAAAA...AAAA /index.html HTTP/1.1
– GET ///////index.html HTTP/1.1
– GET %n%n%n%n%n%n.html HTTP/1.1
– GET /AAAAAAAAAAAAA.html HTTP/1.1
– GET /index.html HTTTTTTTTTTTTTP/1.1
– GET /index.html HTTP/1.1.1.1.1.1.1.1
– etc...
26. Example of Vulnerable Source Code
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[1024];
    if (argc < 2)
        return 1;                 /* no argument supplied */
    /* Unbounded copy: an argument longer than 1023 bytes overflows buffer (the bug this example is about) */
    strcpy(buffer, argv[1]);
    printf("The string is a %s \n\n", buffer);
    return 0;
}
27. Example of Simple Fuzzing Scheme
import subprocess, time

for i in range(1, 10000):
    print(i)
    subprocess.call(["./example", "A" * i])
    time.sleep(1)  # time to check the debugger, crash log, etc.

Go ahead and run the application with unexpected arguments such as (but not limited to):
./example `python -c 'print("A"*10000)'`
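An added harness (not from the slides) that extends the scheme above: it classifies each run from the exit status (signal death, non-zero exit, timeout), which is how the fuzzer knows that something "bad" happened, and binary-searches the shortest crashing argument instead of sleeping through 10,000 runs. POSIX is assumed; ./example is used if it has been compiled, otherwise a constructed stand-in target that raises SIGSEGV in itself past 1024 bytes.

```python
import os
import signal
import subprocess
import sys

def run_case(argv, timeout=2.0):
    """Run one test case and classify it from the exit status: 'ok',
    'exit:<code>', 'hang' (timeout, e.g. an infinite loop) or 'crash:<SIG>'.
    POSIX reports death by signal as a negative return code: SIGSEGV for a
    smashed stack, SIGABRT from stack protectors or ASan."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"
    rc = proc.returncode
    if rc < 0:
        return "crash:" + signal.Signals(-rc).name
    return "ok" if rc == 0 else "exit:%d" % rc

def crashes(target, n):
    """True if `target` (an argv prefix) dies by signal on n bytes of 'A'."""
    return run_case(target + ["A" * n]).startswith("crash")

def smallest_crashing_length(target, lo=1, hi=10000):
    """Binary-search the shortest 'A'*n that crashes the target, pinning down
    the case that caused the fault in ~14 runs. Assumes monotonicity (if n
    bytes crash, n+1 do too), which holds for a plain strcpy overflow."""
    if not crashes(target, hi):
        return None
    while lo < hi:
        mid = (lo + hi) // 2
        if crashes(target, mid):
            hi = mid
        else:
            lo = mid + 1
    return lo

# Constructed stand-ins so the harness runs without compiling ./example:
# STAND_IN raises a real SIGSEGV in itself once the argument exceeds 1024
# bytes (the slide's buffer size); HANG_STAND_IN never returns.
STAND_IN = [sys.executable, "-c", "import os, signal, sys\n"
            "if len(sys.argv[1]) > 1024: os.kill(os.getpid(), signal.SIGSEGV)"]
HANG_STAND_IN = [sys.executable, "-c", "import time; time.sleep(30)"]

if __name__ == "__main__":
    target = ["./example"] if os.path.exists("./example") else STAND_IN
    print("shortest crashing argument:", smallest_crashing_length(target))
```

For the real ./example the first crashing length is larger than 1024, because a few bytes past the buffer do not yet reach anything the function needs on return.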
29. Definition of fuzzing
“Fuzzing is a technique for intelligently and automatically generating and passing into a target system valid and invalid message sequences to see if the system breaks, and if it does, what it is that makes it break”
CODENOMICON
30. The Solution That Found Heartbleed
Fuzzing (Defensics) was the primary solution in use when the Heartbleed flaw was identified. A security researcher was running a routine test with the Defensics fuzzing feature SafeGuard, identifying the flaw that had gone unidentified for over two years and impacted over 500,000 websites.
CODENOMICON
31. Fuzzing Approach
Mutation Based - “Dumb Fuzzing”
Generation Based - “Smart Fuzzing”
Evolutionary
33. Mutation Based - “Dumb Fuzzing”
• Little or no knowledge of the structure of the inputs is
assumed
• Anomalies are added to existing valid inputs
• Anomalies may be completely random or follow some
heuristics
• Requires little to no set up time
• Dependent on the inputs being modified
• May fail for protocols with checksums, those which depend
on challenge response, etc.
Examples:
• Taof, GPF, ProxyFuzz, etc.
35. Generation Based - “Smart Fuzzing”
• Test cases are generated from some description
of the format: RFC, documentation, etc.
• Anomalies are added to each possible spot in
the inputs
• Knowledge of protocol should give better results
than random fuzzing
• Can take significant time to set up
• Examples
– SPIKE, Sulley, Mu-4000, Codenomicon, Bestorm
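A generation-based fuzzer in miniature, as an added example (not code from the slides or from any of the tools listed): the request line is modelled from the HTTP spec as fields with valid values, a constructed anomaly library is derived from each valid value, and every anomaly is placed in every field in turn, which reproduces the anomalous requests of slide 25 and shows why the case count is finite.

```python
# Request-line model taken from the HTTP spec: (field, valid value).
REQUEST_LINE = [("method", "GET"), ("path", "/index.html"), ("version", "HTTP/1.1")]

def anomalies(valid):
    """Constructed anomaly library; each entry is derived from the field's
    valid value so the request stays 'slightly anomalous' (slide 10)."""
    ext = valid[valid.rfind("."):] if "." in valid else ""
    return [
        "A" * 2000 + ext,                       # overlong token, extension kept
        "/" * 7 + valid.lstrip("/"),            # repeated delimiter
        "%n" * 6 + ext,                         # format-string specifiers
        valid[:2] + valid[2] * 11 + valid[2:],  # one character repeated
        valid + ".1" * 6,                       # repeated version suffix
    ]

def generate(model=REQUEST_LINE):
    """Generation-based fuzzing: every anomaly in every field, one at a time,
    with all other fields left valid; yields (field, index, request_line)."""
    for i, (name, valid) in enumerate(model):
        for k, bad in enumerate(anomalies(valid)):
            parts = [v for _, v in model]
            parts[i] = bad
            yield name, k, " ".join(parts) + "\r\n"

def count_cases(model=REQUEST_LINE):
    """Unlike mutation, the case count is finite and known before the run."""
    return sum(len(anomalies(v)) for _, v in model)

if __name__ == "__main__":
    for field, k, line in generate():
        print("%-7s #%d %r" % (field, k, line[:60]))
```

Each generated line is what a robustness test sends to your own HTTP parser; the monitoring side is the harness of slide 27.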
37. Evolutionary
• Attempts to generate inputs based on the
response of the program
• Autodafe
– Prioritizes test cases based on which inputs have
reached dangerous API functions
• EFS
– Generates test cases based on code coverage
metrics (more later)
• This technique is still in the alpha stage
38. Issues & Problems
Mutation-based fuzzers can generate an infinite number of test cases… When has the fuzzer run long enough?
Generation-based fuzzers generate a finite number of test cases. What happens when they’re all run and no bugs are found?
How do you monitor the target application such that you know when something “bad” has happened?
39. Issues with Fuzzing
What happens when you find too many bugs? Or every anomalous test case triggers the same (boring) bug?
How do you figure out which test case caused the fault?
Given a crash, how do you find the actual vulnerability?
After fuzzing, how do you know what changes to make to improve your fuzzer?
When do you give up on fuzzing an application?
41. Products & Frameworks
Dozens of open-source fuzzing tools and frameworks have been collected in FoxFuzzing; a list of products with brief information about each is available at
https://github.com/khaleghsalehi/FoxFuzzing/list.pdf
43. References
1. David A. Wheeler, SWE 681 / ISA 681, Secure Software Design & Programming, Lecture 9: Analysis Approaches & Tools, 2014-08-17
2. Charlie Miller, Real World Fuzzing, Independent Security Evaluators, October 19, 2007, cmiller@securityevaluators.com
3. Ari Takanen, Robustness Testing: Discover Unknown Vulnerabilities with Testing & QA, Codenomicon Ltd.
4. Michael Eddington, Leviathan Security Group, Inc., 2009
5. Prof. Dr. Hartmut Pohl and Daniel Baier, B.Sc., A Study of Commercially Available Fuzzers: Identification of Undisclosed Vulnerabilities with the Aid of Commercial Fuzzing Tools, Department of Computer Sciences, Bonn-Rhein-Sieg University of Applied Sciences
6. Ari Takanen, Jared DeMott, Charlie Miller, Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy), 2008
7. Michael Sutton, Adam Greene, Pedram Amini, Fuzzing: Brute Force Vulnerability Discovery, Paperback, July 9, 2007
8. Michael Sutton, Director, iDefense Labs, msutton@idefense.com, Fuzzing: Brute Force Vulnerability Discovery
9. [Slide No. 11] Prof. Dr. Hartmut Pohl and Daniel Baier, B.Sc., A Study of Commercially Available Fuzzers: Identification of Undisclosed Vulnerabilities with the Aid of Commercial Fuzzing Tools, Department of Computer Sciences, Bonn-Rhein-Sieg University of Applied Sciences
44. Awesome Books
Fuzzing: Brute Force Vulnerability Discovery, Paperback – July 9, 2007, by Michael Sutton, Adam Greene, Pedram Amini
45. Awesome Books
Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy), Hardcover – June 30, 2008, by Ari Takanen, Jared DeMott, Charlie Miller
46. Awesome Books
Open Source Fuzzing Tools, Paperback – December 28, 2007, by Noam Rathaus, Gadi Evron
47. Awesome Books
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers, Paperback – August 11, 2012
and many, many more books…