Archive | Programming


26 August 2010 | 7,735 views

WinAppDbg – Python Instrumentation Scripting/Debugging Tool For Windows

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in […]

Continue Reading


12 August 2010 | 7,251 views

BitBlaze – Binary Analysis Platform For Computer Security

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. However, binary analysis is challenging […]

Continue Reading


05 August 2010 | 7,177 views

Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing

Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing. There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this […]

Continue Reading


28 July 2010 | 11,445 views

FuzzDiff – Tool For Fuzzing and Crash Analysis

FuzzDiff is a simple tool to help make crash analysis during file format fuzzing a bit easier. I’m sure many people have written similar tools for their own purposes, but I haven’t seen any that are publicly available. Hopefully at least one person finds it useful. When provided with a fuzzed file, a corresponding original […]

Continue Reading


19 July 2010 | 7,151 views

Mozilla Increases Security Bug Bounty To $3000

There’s been a number of bounty programs in the past year or so with Mozilla being one of the forerunners with their Mozilla Security Bug Bounty Program. There are others like Google offering rewards for bugs in Chrome, and other specific high profile bounties like when Microsoft Offered $250K Bounty for Conficker Author. Mozilla on […]

Continue Reading


01 July 2010 | 5,728 views

FxCop – .NET Framework Security Analysis Tool

FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements. Many of the issues concern violations of the programming and design rules set forth in the Design Guidelines, which are the Microsoft […]

Continue Reading


27 April 2010 | 14,618 views

fuzzdb – Comprehensive Set Of Known Attack Sequences

fuzzdb is a comprehensive set of known attack pattern sequences, predictable locations, and error messages for intelligent brute force testing and exploit condition identification of web applications. Many mechanisms of attack used to exploit different web server platforms and applications are triggered by particular meta-characters that are observed in more than one product security advisory. […]

Continue Reading


23 April 2010 | 4,949 views

ReFrameworker – General Purpose Framework Modifier

ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework’s classes, in order to produce modified binaries that can replace the original […]

Continue Reading


16 April 2010 | 7,180 views

Oracle Releases Emergency Patch for Java Vulnerability

After informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To Code […]

Continue Reading


12 April 2010 | 6,249 views

Serious Java Bug Exposes Users To Code Execution

Once again a different attack vector, seems to the creative season for discovering bugs. I guess it’s partially due to the fact this time of year tends to be pretty quiet business wise so researchers have plenty of downtime to look at nifty ways to break things. This might be a tough one to solve […]

Continue Reading