IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. The fuzzer’s own driver hooks NtDeviceIoControlFile in order to take control of all IOCTL requests throughout the system. While processing IOCTLs, the fuzzer will spoof those IOCTLs conforming to conditions specified in […]
Archives for 2010
Merry Christmas 2010
No updates for today, it’s Christmas Eve! Just wanted to take this opportunity to wish all of you that celebrate a Merry Christmas 2010. See you next week :)
Car Immobilisers Using Weak Encryption Schemes
Another case of a certain industry lagging behind, I mean come-on – who seriously still using proprietary cryptography algorithms in 2010? Especially only 40 or 48-bit protocols, with the processing power available on hand now and new techniques like GPU based cracking – that just doesn’t cut it. The latest discovery of such implementations was […]
WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation
There are various vulnerable web applications out there to hone your skills or test the latest web vulnerability scanner you downloaded, one such package would be Damn Vulnerable Web App – Learn & Practise Web Hacking. There are others such as: Vicnum – Lightweight Vulnerable Web Application Web Security Dojo – Training Environment For Web […]
Gawker CTO Outlines Security Improvements Post Breach
An e-mail from the Gawker CTO (Tom Plunkett) has been posted online and it outlines the security improvements that Gawker are planning to implement after the recent massive breach of user passwords from their database. As we mentioned recently, the U.S. Federal Bureau of Investigation is looking into the Gawker breach, which just goes to […]