ohrwurm is a small and simple RTP fuzzer, it has been tested it on a small number of SIP phones, none of them withstood the fuzzing. Features: reads SIP messages to get information of the RTP port numbers reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can […]
Secure Coding
Secure coding is very important in software development to ensure code security is high using techniques such as static analysis, code auditing and dynamic analysis to ensure safe coding practices are followed.
What Tools can be used for Secure Coding?
There are a variety of tools to ensure code safety, mostly based on source code auditing and static analysis.
The options available really depend on the language being used with some tools focusing on many languages such as Yasca โ Multi-Language Static Analysis Toolset or specialist tools focusing on a single language like Brakeman โ Static Analysis Rails Security Scanner.
Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)
This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s […]
ISR-evilgrade – Inject Updates to Exploit Software
[ad] ISR-evilgrade is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software. How does it work? It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims […]
WikiScanner – Find Interesting Anonymous Edits on Wikipedia
[ad] Now this isn’t a new tool, and it’s not quite up to date as the author hasn’t updated it for a while – but it’s still exceedingly cool! As you know most IP addresses are registered to companies or organizations in blocks, so you can identify which network an edit is coming from as […]
Tmin – Test Case Optimizer for Automated Security Testing
[ad] Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but meant specifically for unknown, underspecified, or hard to parse data formats (without the need to tokenize and re-serialize data), and for easy integration […]