Dailydave mailing list archives

Re: Does Fuzzing really work?

From: ergosum <ergosum () neurosecurity com>
Date: Wed, 27 Sep 2006 01:36:38 +0200

Hi all,
        I'm with Halvar here,   it's not only a permutation of commands, but more 
things are to be evaluated, possible combination of commands, that includes 2 
by 2, 3 by 3, etc. Not only that, but possible payloads and timings to try to 
uncover race conditions, etc. Much more than 12! as Halvar points out. 

        Can someone send some interesting papers on fuzzing strategies? (Apart from 
the ones from Dave which all of us know :) ). I would like to link this with 
the thread about "Unknown Application Protocol Analysis", is there any 
prototype that uses both concepts? Automatic protocol discovery an 
subsequently fuzzing of it?

Cheers
        
-- 
"We must be the change we wish to see in the world"
Mahatma Gandhi
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Does Fuzzing really work? Aviram Jenik (Sep 25)
- Re: Does Fuzzing really work? Peter Winter-Smith (Sep 25)
  - Re: Does Fuzzing really work? Aviram Jenik (Sep 25)
    - Re: Does Fuzzing really work? Halvar Flake (Sep 26)
    - Re: Does Fuzzing really work? ergosum (Sep 26)
    - Re: Does Fuzzing really work? Charlie Miller (Sep 27)
    - Re: Does Fuzzing really work? Ian Melven (Sep 27)
    - Re: Does Fuzzing really work? ergosum (Sep 27)
    - Re: Does Fuzzing really work? Jared DeMott (Sep 27)
    - Re: Does Fuzzing really work? Martin Vuagnoux (Sep 28)
    - Re: Does Fuzzing really work? Jared DeMott (Sep 28)
    - Re: Does Fuzzing really work? Matt Hargett (Sep 28)
    - Re: Does Fuzzing really work? Jared DeMott (Sep 29)
  - Re: Does Fuzzing really work? Jared DeMott (Sep 25)
- Re: Does Fuzzing really work? felix-dailydave (Sep 25)

(Thread continues...)