Collaborate Disseminate
Sometimes, security mechanisms can be bypassed if you just do things slightly out of the ordinary. For instance, readout protection on microcontrollers is a given nowadays, to the point where …read more Continue reading Need To Dump A Protected STM32F0x? Use Your Pico!
Recently I saw a demonstration to fuzz IPv6 network interface of an android device
The tool in use was fuzz_ip6 from https://github.com/vanhauser-thc/thc-ipv6
And the tool was executed in the form of such as "sudo fuzz_ip6 -5 <inte… Continue reading Is it possible to send packets to network interface in an android device from host computer? [closed]
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic… Continue reading Vulnerabilities in cryptographic libraries found through modern fuzzing
How can I fuzz any part of the URL with any strings, append string on middle of the URL or in any part of the URL?
Suppose a URL like this,
https://example.com/Fuzz/hello.html
And I want to add something, on "Fuzz"
So the full U… Continue reading Path fuzzing using curl [closed]
Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught exceptions. Code Intelligence has open-sourced a new security tool, CI Fuzz CLI, whi… Continue reading CI Fuzz CLI: Open-source tool simplifies fuzz testing for C++
I’m aware that writing a file with a reserved name such as CON.txt or CON.mp3, aux.txt, lpt1.html, etc. is not allowed by Windows and can be leveraged for enumeration.
However, what about reading a file with a reserved name?
For example, i… Continue reading Is Reading Windows Reserved Filenames Through a URL Valid for OS Enumeration?
I’m relatively new to using OWASP ZAP. I tried fuzzing POST requests with Zap and am able to see all the messages sent in the Fuzzer tab.
When I select one of the messages in the Fuzzer tab, I can see the respective Request and Response in… Continue reading Zap: How to export Fuzzer results/report with the Request and Response?
We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of task. Continue reading Dynamic analysis of firmware components in IoT devices
What is the relationship between fuzzing and buffer overflow and does fuzzing leads to buffer overflow? Is buffer overflow a subset of fuzzing?
Many today use code obfuscation as a way to make it harder for the bad people to reverse engineer their code. However, in view of open source software which is open to all, is code obfuscation still sufficient to deter reverse engineering … Continue reading In view of open source code which is open to all, is code obfuscation still sufficient or even relevant? [closed]