On Wed, 27 Mar 2002, John wrote: > A while back there was a tool that was released that would brute force > binaries and attempt to exploit the bug. It attempted to exploit simple > stack overflows, but it was a nice tool at the time. > > http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0710.html <two cents> I wrote a paper for SANS last summer which surveyed the available auditing tools (source code scanners, black box testers, and known exploits). Against the simple target program I chose (Hobbit's "webs"), the black-box testers failed miserably, for reasons that I go into in the paper (basically, that they aren't protocol-aware). Brute-force black-box scanners catch the low-hanging fruit, bug-wise. Direct URL (the report is the HTML file inside the ZIP file): http://www.giac.org/practical/Jeff_Schaller_GSNA.zip Other reports available from: http://www.giac.org/GSNA.php </two cents> -jeff -- Last week, scientists announced the first-ever cloning of a human embryo, which they hope to mine for stem cells to treat diseases. What do you think? "I think I'll just sit back and let the ignorant, hysterical Christians handle this one." Peter Jordan, Systems Analyst. The Onion.
This archive was generated by hypermail 2b30 : Wed Mar 27 2002 - 18:31:06 PST