Tauqeer,

> I am new to this group. I have just started my fuzzing career :).

Welcome to the infosec world. Be careful.

> I am working on Peach framework and looking out to discovering my own
> vulnerabilities. Peach is a very nice framework for fuzzing. But I am
> wondering what software I have to fuzz to start with. Your people suggestion
> will be appreciated.

It really depends on what your goal is. If one is just starting out, one should be trying to learn as much as one can, but not all at once. If that's the case, then start with something small and hopefully overlooked with open source code. A lame game with networked capabilities, perhaps. One should also obtain older versions of code with known vulnerabilities for experimentation. If one finds something, having the source will help in learning how bad it is and why there is a bug.

Once one has graduated from that, then one can move on to black box testing of closed source.

Making things crash is actually pretty easy. Anyone who is reputable and spent any time fuzzing probably knows of an app or two that is not yet patched (sometimes for years) that will crash when fuzzed. Much harder is exploiting the overflow to gain privs.

BYE
Sip Phreak
--
http://sipphreak.us

sipphreakus (sĭp'frēk-əs) n.
1. A chronic infectious disease caused by insecure telephony protocols and transmitted through promiscuous messaging
2. The futile endeavor of securing evolving technology seemingly arising without intelligent design and rehashing previous security mistakes
3. A Session Initiation Protocol altercation

_______________________________________________
darklab mailing list
http://lists.darklab.org/cgi-bin/mailman/listinfo/darklab
