Archive | Programming


21 November 2015 | 1,119 views

american fuzzy lop – Security Oriented Fuzzing Tool

American fuzzy lop is a security-oriented fuzzing tool that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also […]

Continue Reading

09 October 2015 | 3,232 views

Twittor – Backdoor Using Twitter For Command & Control

Twittor is a stealthy Python based backdoor using Twitter (Direct Messages) as a command and control server. This project has been inspired by Gcat which does the same but using a Gmail account. Setup For this to work you need: A Twitter account (Use a dedicated account! Do not use your personal one!) Register an […]

Continue Reading

22 September 2015 | 3,183 views

peinjector – MITM PE File Injector

The peinjector is a MITM PE file injector, the tool provides different ways to infect Windows platform executable files (PE COFF) with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant, lightweight, modular and can be operated on embedded hardware. Features Full […]

Continue Reading

08 September 2015 | 6,441 views

Gcat – Python Backdoor Using Gmail For Command & Control

Gcat is a stealthy Python backdoor that uses Gmail as a command and control server. It’s fairly basic right now, but it’s an interesting proof of concept and if the community got behind it and contributed some new features it could be a pretty powerful piece of kit. Feature wise it doesn’t have that much, […]

Continue Reading

21 July 2015 | 974 views

Dharma – Generation-based Context-free Grammar Fuzzing Tool

Dharma is a tool used to create test cases for fuzzing of structured text inputs, such as markup and script. It takes a custom high-level grammar format as input, and produces random well-formed test cases as output – it can be used as a grammar fuzzing tool. API programming is complex and subtle programming mistakes […]

Continue Reading

04 July 2015 | 1,422 views

AddressSanitizer – A Fast Memory Error Detector

AddressSanitizer (aka ASan) is a very fast memory error detector for C/C++, Tthe average slowdown of the instrumented program is ~2x. The tool works on x86 Linux and Mac, and ARM Android. AddressSanitizer is based on compiler instrumentation and directly-mapped shadow memory. The tool consists of a compiler instrumentation module (currently, an LLVM pass) and […]

Continue Reading

11 June 2015 | 1,845 views

Agile Security – How Does It Fit Into A World Of Continuous Delivery

So, Agile Security? How does it fit into the new age of rapid iteration, continuous integration and continuous development? It’s an interesting discussion and personally very on point for me as I operate in an agile organisation and just today took (and passed yay me) my Scrum Master certification. The traditional silo approach of security […]

Continue Reading

26 May 2015 | 1,486 views

zzuf – Multi-Purpose Application Input Fuzzing Tool

zzuf is a transparent application input fuzzing tool or fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more than often comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program’s input. zzuf’s behaviour is deterministic, making […]

Continue Reading

02 May 2015 | 1,921 views

Graudit v1.9 Download – Grep Source Code Auditing Tool

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications and source code auditing tool sets like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. You […]

Continue Reading

24 March 2015 | 1,624 views

Yasca – Multi-Language Static Analysis Toolset

Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It’s basically a tool-kit for multi-language static analysis. Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages It leverages on external open source […]

Continue Reading