dynamic-analysis – Page 2 – WindowsTechs.com

Dynamic Application Security Testing (DAST) Scanner for Post Authentication [closed]

Posted on July 26, 2019 by Jshee

I am wondering if anyone know’s of a DAST Scanner than can either take in an authenticated request from somewhere like burp, OR some DAST software that takes username and password and then run DAST scans against the target.

I’ve used a t… Continue reading Dynamic Application Security Testing (DAST) Scanner for Post Authentication [closed]→

Is it correct to say that AVs use the same signature-based detection methods in emulation as they do on static binaries?

Posted on July 7, 2019 by chillsauce

Many malwares can be packed or encrypted and AVs will emulate their execution to allow them to unpack or decrypt themselves. Once they do, are AVs simply using the same hashing or pattern-matching techniques that they would u… Continue reading Is it correct to say that AVs use the same signature-based detection methods in emulation as they do on static binaries?→

Panicking the right way in Go

Posted on June 26, 2019 by Sam Moelius

A common Go idiom is to (1) panic, (2) recover from the panic in a deferred function, and (3) continue on. In general, this is okay, so long there are no global state changes between the entry point to the function calling defer, and the point at which… Continue reading Panicking the right way in Go→

Announcing Manticore 0.3.0

Posted on June 7, 2019 by Eric Hennenfent

Earlier this week, Manticore leapt forward to version 0.3.0. Advances for our symbolic execution engine now include: “fast forwarding” through concrete execution that you don’t care about, support for Linux binaries statically compile… Continue reading Announcing Manticore 0.3.0→

Fuzzing Unit Tests with DeepState and Eclipser

Posted on May 31, 2019 by Alex Groce

If unit tests are important to you, there’s now another reason to use DeepState, our Google-Test-like property-based testing tool for C and C++. It’s called Eclipser, a powerful new fuzzer very recently presented in an ICSE 2019 paper. We a… Continue reading Fuzzing Unit Tests with DeepState and Eclipser→

Fuzzing an API with DeepState (Part 2)

Posted on January 23, 2019 by Alex Groce

Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Mutation Testing Introducing one bug by hand is fine, and we could try it again, but “the plural of anecdote is not data.” Howe… Continue reading Fuzzing an API with DeepState (Part 2)→

Fuzzing an API with DeepState (Part 1)

Posted on January 22, 2019 by Alex Groce

Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Using DeepState, we took a handwritten red-black tree fuzzer and, with minimal effort, turned it into a much more fully featured test gener… Continue reading Fuzzing an API with DeepState (Part 1)→

How to divert hard-coded IP requests using FakeNet-NG?

Posted on November 8, 2018 by m3ssap0

I started studying malware analysis. I’ve used apateDNS and INetSim to simulate external services and now I’m trying FakeNet-NG, but I’m struggling to perform a very basic operation.

How is it possible to divert requests to … Continue reading How to divert hard-coded IP requests using FakeNet-NG?→

Fuzzing versus Symbolic Execution — what’s the difference?

Posted on November 1, 2018 by Bradley Evans

Fuzzing, per a current Wikipedia definition is defined the following way:

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a compu… Continue reading Fuzzing versus Symbolic Execution — what’s the difference?→

Malware Execution Delay

Posted on October 10, 2018 by cosmicrao

I am new to malware analysis and am currently using Cuckoo to understand some of the basics.

I am trying to figure the time that the malware delays its initial executions. I found a functional call NtDelayExecution in the A… Continue reading Malware Execution Delay→