Tag Archives | lcamtuf




american fuzzy lop – Security Oriented Fuzzing Tool

American fuzzy lop is a security-oriented fuzzing tool that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also […]

Topic: Hacking Tools, Secure Coding

cross_fuzz – A Cross-Document DOM Binding Fuzzer

cross_fuzz is an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market – many of said bugs exploitable – and it is still finding more. The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across […]

Topic: Hacking Tools, Secure Coding

Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers

First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese dudes […]

Topic: Exploits/Vulnerabilities, Windows Hacking

Stompy – The Web Application Session Analyzer Tool

A new tool dealing with web sessions was recently announced, it’s called stompy, a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they’re predictable or simply vulnerable to brute-force attacks, we do have a problem. […]

Topic: Hacking Tools, Web Hacking

Popular Tags

computer-security · darknet · ddos · dos · exploits · fuzzing · google · hacking-networks · hacking-websites · hacking-windows · hacking tool · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · pen-testing · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · windows · windows-security · Windows Hacking · worms · XSS ·