-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear list,
Which fuzzer on this list will help me find the most security exploits? Thanks, - -bm On Fri, 06 Mar 2009 18:37:01 -0500 Jeremy Brown <[email protected]> wrote: >Don't act like you've gave any constructive advice to anyone in >your life. > >Thanks for trolling, please don't come again. > >On Fri, Mar 6, 2009 at 6:21 PM, Pete Licoln ><[email protected]> wrote: >> Ok cool, then keep it up Jeremy. >> At least you wont be able to say no one told you. >> >> 2009/3/6 Jeremy Brown <[email protected]> >>> >>> I consider you a loser, Pete/Julio/Loser. >>> >>> On Fri, Mar 6, 2009 at 3:03 PM, Pete Licoln ><[email protected]> wrote: >>> > Well .. what i say is true. >>> > If you cant argue on the subject then shut the hell up. >>> > >>> > >>> > 2009/3/6 Rubén Camarero <[email protected]> >>> >> >>> >> Dont satisfy this idiot with a response, thats what he >likes.. >>> >> Everybody >>> >> knows Petie is a troll on every list just use google >>> >> >>> >> On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown ><[email protected]> >>> >> wrote: >>> >>> >>> >>> The reason anyone writes a fuzzer is to find bugs. Those >that I have >>> >>> written are of course for the same purpose as the 101 >listed: to find >>> >>> security bugs. Your ideas are as meaningless and unhelpful >as they >>> >>> have been in the past. You have no goal but to troll and >try to make >>> >>> people look like fools, but you are clearly the ignorant >one. >>> >>> >>> >>> What have you ever written? Let us see some of your code to >poke fun >>> >>> of. If it is as imperfect as you then we'd have a day of >fun. >>> >>> >>> >>> >What's hilarious is that none of them are usefull :) >>> >>> >>> >>> http://www.milw0rm.com/author/1531 >>> >>> http://www.milw0rm.com/author/1835 >>> >>> >>> >>> 90% of the research above were found by fuzzing, and those >are public. >>> >>> Clearly my fuzzers are useful. >>> >>> >>> >>> >You should really learn the protocol you want to fuzz, and >develop a >>> >>> >strategy before you create anything else. >>> >>> >>> >>> Although mistakes are inevitable, and seeming how the stuff >I write >>> >>> are pretty coherent to the protocol, your statements, once >again, are >>> >>> unjustifiable. The strategy is simple: gather points of >input, fuzz >>> >>> them, and watch for exceptions. Obviously. >>> >>> >>> >>> >Every fuzzer you've made use the SAME way to ""fuzz"" for >differents >>> >>> > app/protocol. >>> >>> >>> >>> Because using a fuzzing oracle is a very good way to >identify security >>> >>> bugs. Throwing random data will surely find lots of >programming >>> >>> errors, but I want a shell. >>> >>> >>> >>> > The only change i see is your last fuzzer .. written in a >different >>> >>> > language, but still the same way ... >>> >>> >>> >>> Yeah, I wrote it in C, and implemented a fuzzing oracle >that way. I >>> >>> probably put 100 hours into it, and it gave back some nice >return. As >>> >>> like the others. >>> >>> >>> >>> So, "what ever your real name is", I will continue to write >fuzzers >>> >>> and exploits. If you comments are meant to bend my attitude >or >>> >>> research rather than to troll, you don't have a chance, so >get on with >>> >>> your life and I will get on with mine. What a conclusion. >>> >>> >>> >>> >>> >>> On Fri, Mar 6, 2009 at 10:22 AM, Pete Licoln ><[email protected]> >>> >>> wrote: >>> >>> > What's hilarious is that none of them are usefull :) >>> >>> > You should really learn the protocol you want to fuzz, >and develop a >>> >>> > strategy before you create anything else. >>> >>> > Every fuzzer you've made use the SAME way to ""fuzz"" for >differents >>> >>> > app/protocol. >>> >>> > >>> >>> > The only change i see is your last fuzzer .. written in a >different >>> >>> > language, but still the same way ... >>> >>> > >>> >>> > 2009/3/5 Jeremy Brown <[email protected]> >>> >>> >> >>> >>> >> That is hilarious LOL! >>> >>> >> >>> >>> >> On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln >>> >>> >> <[email protected]> >>> >>> >> wrote: >>> >>> >> > 11 fuzzers matchs for Jeremy Brown on this page LOL ! >>> >>> >> > >>> >>> >> > 2009/3/5 Krakow Labs <[email protected]> >>> >>> >> >> >>> >>> >> >> Krakow Labs maintains a current list of security >driven fuzzing >>> >>> >> >> technologies. >>> >>> >> >> >>> >>> >> >> http://www.krakowlabs.com/lof.html >>> >>> >> >> >>> >>> >> >> _______________________________________________ >>> >>> >> >> Full-Disclosure - We believe in it. >>> >>> >> >> Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >>> >>> >> >> Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> >> > >>> >>> >> > >>> >>> >> > >>> >>> >> > _______________________________________________ >>> >>> >> > Full-Disclosure - We believe in it. >>> >>> >> > Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >>> >>> >> > Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> >> > >>> >>> >> >>> >>> >> _______________________________________________ >>> >>> >> Full-Disclosure - We believe in it. >>> >>> >> Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >>> >>> >> Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> > >>> >>> > >>> >>> > >>> >>> >>> >>> _______________________________________________ >>> >>> Full-Disclosure - We believe in it. >>> >>> Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >>> >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >>> >> >>> >> >>> >> -- >>> >> Rubén Camarero >>> >> CCNA, CISSP >>> >> >>> >> _______________________________________________ >>> >> Full-Disclosure - We believe in it. >>> >> Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >>> >> Hosted and sponsored by Secunia - http://secunia.com/ >>> > >>> > >>> > _______________________________________________ >>> > Full-Disclosure - We believe in it. >>> > Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >>> > Hosted and sponsored by Secunia - http://secunia.com/ >>> > >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQMCAAYFAkmxtgcACgkQT2/djsYXr/IXigQAgDdkR+dskgmYHYPQeCcKe3QlT7xf w0eZDSu0ecbO2vXy0oicANDezPfZDuadwtB6L8Cwoon04gfjVYxTr6GyyvW7hUmAaLt9 7GEL/Hh2/cL5rzSzz9mDNOUFrU0S8VanhMVvwjXKtFWNzAWiwfj26lvb8KVRlwfNGlP3 gVnFnbE= =Sy3u -----END PGP SIGNATURE----- -- Be a Certified Nursing Assistant. Get local training today. http://tagline.hushmail.com/fc/BLSrjkqoiOCPCoMRK9ZgmTNsCtwOZXGIyrzJkWo3YmH0IyTAFJVy7s9Krni/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
