Archive | Programming

Advertisements


22 December 2010 | 17,805 views

WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation

There are various vulnerable web applications out there to hone your skills or test the latest web vulnerability scanner you downloaded, one such package would be Damn Vulnerable Web App – Learn & Practise Web Hacking. There are others such as: Vicnum – Lightweight Vulnerable Web Application Web Security Dojo – Training Environment For Web […]

Continue Reading


16 December 2010 | 10,799 views

Honggfuzz – Simple Command Line Software Fuzzing Tool

Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes. Basically it’s a simple, easy to use via command-line interface, providing nice analysis of software crashes in a simple form of […]

Continue Reading


24 November 2010 | 17,552 views

SHA-1 Password Hashes Cracked Using Amazon EC2 GPU Cloud

It’s not the first time someone has pulled this off, back in November 2009 we wrote about Using Cloud Computing To Crack Passwords – Amazon’s EC2. Add that with a story way back from 2007 – Graphics Cards – The Next Big Thing for Password Cracking? – and you’ve got yourself an interesting combo with […]

Continue Reading


09 September 2010 | 6,129 views

DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability

DllHijackAuditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is recently discovered critical security issue affecting almost all Windows systems on the planet. It appears that large amount of Windows applications are currently susceptible to this vulnerability which can allow any attacker to completely take over the […]

Continue Reading


26 August 2010 | 7,778 views

WinAppDbg – Python Instrumentation Scripting/Debugging Tool For Windows

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in […]

Continue Reading


12 August 2010 | 7,264 views

BitBlaze – Binary Analysis Platform For Computer Security

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. However, binary analysis is challenging […]

Continue Reading


05 August 2010 | 7,290 views

Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing

Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing. There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this […]

Continue Reading


28 July 2010 | 11,469 views

FuzzDiff – Tool For Fuzzing and Crash Analysis

FuzzDiff is a simple tool to help make crash analysis during file format fuzzing a bit easier. I’m sure many people have written similar tools for their own purposes, but I haven’t seen any that are publicly available. Hopefully at least one person finds it useful. When provided with a fuzzed file, a corresponding original […]

Continue Reading


19 July 2010 | 7,158 views

Mozilla Increases Security Bug Bounty To $3000

There’s been a number of bounty programs in the past year or so with Mozilla being one of the forerunners with their Mozilla Security Bug Bounty Program. There are others like Google offering rewards for bugs in Chrome, and other specific high profile bounties like when Microsoft Offered $250K Bounty for Conficker Author. Mozilla on […]

Continue Reading


01 July 2010 | 5,759 views

FxCop – .NET Framework Security Analysis Tool

FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements. Many of the issues concern violations of the programming and design rules set forth in the Design Guidelines, which are the Microsoft […]

Continue Reading


Advertisements