Collaborate Disseminate
Are there any softwares/solutions with we can just:
Download, start a binary/shell script
And it will automatically start to fuzz ex.: the Linux kernel, like ex.: syzkaller?
But if it would found anything it would auto… Continue reading Fuzzing services?
I recently had the privilege of giving a keynote at BSidesLisbon. I had a great time at the conference, and I’d like to thank Bruno Morisson for inviting me. If you’re into port, this is the conference for you! I recommend that anyone in the area consider attending next year. I felt there was a […]
Continue reading The Smart Fuzzer Revolution
I need a fuzzer to fuzz the motion inputs to the Android applications.
I found the Monkey tool which uses Android Debug Bridge for working.
Also checked Intent Fuzzer, it got the IntentFuzzer.apk in which case both the fuzz… Continue reading Fuzzing Android Application [on hold]
I have a specific sample I’d like feedback on, but my view is an answer about general techniques is more valuable for this site. I’ll leave the details in, in case anyone googling this bumped into the same service.
My questions:
What are general techniques and resources for identifying an unknown service, or something on a non-standard port that isn’t being talkative?
Does the behaviour below ring a bell with anyone? (Are there steps I have missed to further identify the service?)
–
While on an engagement, we have encountered an open port, 10001.
As you might’ve guessed, as far as I can tell it does not respond to protocols usually used on that port. My search has not been completely exhaustive but I have fuzzed the first three bytes and found a response for the first byte.
Observations on my specific unknown service:
Speaks TCP
When sent a capital i, I\n, it responds I213529 (last digits changed for privacy)
Messages seem to be null- and newline-terminated; anything but those after the capital i do not affect the behaviour, but a null before it will impair the response.
nmap shows it as scp-config, once as tcpwrapped
Continue reading General techniques for identifying an unknown service
I am a beginner with ZAP. I am trying to use FUZZ logic for the passwords.
But I can see that option when I click on the password at the request table but I am not able to click on it, as it is faint and non clickable.
Ho… Continue reading OWASP ZAP FUZZ functionality not highlighted
I am a beginner with ZAP. I am trying to use FUZZ logic for the passwords.
But I can see that option when I click on the password at the request table but I am not able to click on it, as it is faint and non clickable.
Ho… Continue reading OWASP ZAP FUZZ functionality not highlighted
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google’s new open source fuzzer. Continue reading Threatpost News Wrap, December 8, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google’s new open source fuzzer. Continue reading Threatpost News Wrap, December 8, 2016
A new Google program OSS-Fuzz is aimed at continuously fuzzing open source software and has already detected over 150 bugs. Continue reading Google Debuts Continuous Fuzzer for Open Source Software
Events Related BSides DC 2016 – Opening – www.youtube.com Alex Norman does what Alex Norman does best. Open the con. Inspirational, motivational and most importantly… short. AppSecUSA 2016 – www.youtube.com Recordings from AppSecUSA 2016 in Washington, DC Highlights from the O’Reilly Security Conference in Amsterdam 2016 – www.oreilly.com Watch highlights covering security, defense, tools, and […]
The post Week 47 In Review – 2016 appeared first on Infosec Events.