Penetration Testing mailing list archives
Re: ActiveX object analysis tools?
From: "Tri Huynh" <trihuynh () zeeup com>
Date: Fri, 31 Oct 2003 01:56:22 -0800
Hi,

There are a couple of tools that can help you analyze ActiveX security. One is COMBust (http://www.atstake.com/research/tools/vulnerability_scanning/), which can automatically fuzz the IDispatch interface of an ActiveX control. But this tool is kind of lame to me; however, if you are interested in it, there is a presentation about it somewhere on the BlackHat site.

Another good tool is DrCom (http://www.atstake.com/research/tools/vulnerability_scanning/), which is not free though. It allows you to see the behavior of the ActiveX objects and also lets you invoke the functions manually.

Hope that helps.

Trihuynh
Sentryunion

----- Original Message -----
From: "Greg Owen" <gowen-pentest () swynwyr com>
To: <pen-test () securityfocus com>
Sent: Thursday, October 30, 2003 12:24 PM
Subject: ActiveX object analysis tools?

Any recommendations for tools that would be helpful analyzing an ActiveX object?

I assume that some of the standard MSDE tools would help enumerate interfaces. Any other tools? Frameworks for input fuzzing? Guidelines or methodologies?

Any help is appreciated.

--
gowen -- Greg Owen -- gowen-pentest () swynwyr com
79A7 4063 96B6 9974 86CA 3BEF 521C 860F 5A93 D66D
Current thread:
- ActiveX object analysis tools? Greg Owen (Oct 30)
- Re: ActiveX object analysis tools? Cesar (Oct 31)
- Re: ActiveX object analysis tools? Tri Huynh (Oct 31)