On 2010/06/03 17:18, webDEViL wrote:
> Has this got anything different than filefuzz released years ago!

Yes it has. Not necessarily "better" features, but certainly different ones.

To start, it doesn't take a single input file and then mutate it. You can build a pool of files that provide better code coverage in the fuzzed binary than what a single file could achieve.

Second, it doesn't allow you to choose how many bytes to mutate, where, and with what values. Boldly, it mutates a random number of bytes (adjusted to a certain percent of the filesize, a.k.a. fuzzfactor) with random values at random places in the sample file, which is randomly chosen from the sample pool. Although less effective in the short term, in the long term you can potentially test all mutable possibilities. In this sense, the amount of fuzzed code in the target increases alongside the computation time provided.

Most of this (and more) was explained in the post though.

-- 
jg - www.morenops.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
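The mutation strategy jg describes (a pool of sample files, one picked at random, a random number of bytes bounded by a fuzzfactor percentage of the file size overwritten with random values at random offsets) is small enough to show end to end. The following is an added example written for this page; it is not code from the original post nor from the fuzzer being discussed. The function names, the exact fuzzfactor semantics (fraction of the file size that caps the number of mutated bytes), the seeded RNG, the constructed two-file sample pool and the crash rule (target killed by a signal) are all this example's own assumptions.

```python
"""
Pool-based random mutation fuzzer, modelled on the approach described in
the post above. Everything here is an illustrative example: the function
names, the `fuzzfactor` semantics and the crash-detection rule are
assumptions, not the original tool's behaviour.
"""
import random
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed sample pool, standing in for a directory of real input files:
# a small PNG-like header and a short plain-text file.
SAMPLE_POOL = [
    ("header.bin", b"\x89PNG\r\n\x1a\n" + bytes(range(64))),
    ("text.txt", b"The quick brown fox jumps over the lazy dog.\n" * 4),
]


def load_pool(directory):
    """Read every regular file under `directory` into an in-memory pool."""
    pool = [(p.name, p.read_bytes())
            for p in sorted(Path(directory).iterdir()) if p.is_file()]
    if not pool:
        raise ValueError(f"no sample files in {directory}")
    return pool


def mutate(sample, fuzzfactor, rng):
    """Overwrite a random number of bytes in a copy of `sample`.

    The upper bound on the number of mutated bytes is fuzzfactor * len(sample)
    (at least 1); the actual count, the offsets and the new values are all
    drawn from `rng`. Returns (mutated_bytes, changes) where changes is a list
    of (offset, old_value, new_value) so a finding can be minimised later.
    """
    if not sample:
        raise ValueError("empty sample cannot be mutated")
    if not 0.0 < fuzzfactor <= 1.0:
        raise ValueError("fuzzfactor must be in (0, 1]")
    max_changes = max(1, int(len(sample) * fuzzfactor))
    n_changes = rng.randint(1, max_changes)
    buf = bytearray(sample)
    changes = []
    for _ in range(n_changes):
        offset = rng.randrange(len(buf))
        new_value = rng.randrange(256)
        changes.append((offset, buf[offset], new_value))
        buf[offset] = new_value
    return bytes(buf), changes


def next_testcase(pool, fuzzfactor, rng):
    """Pick a random sample from the pool and return (name, mutated, changes)."""
    name, sample = rng.choice(pool)
    mutated, changes = mutate(sample, fuzzfactor, rng)
    return name, mutated, changes


def run_target(cmd, testcase, timeout=10):
    """Write `testcase` to a temp file, run `cmd` with that path appended, and
    report whether the target died from a signal (negative return code on
    POSIX), which is the crash condition this example keeps."""
    with tempfile.NamedTemporaryFile(suffix=".fuzz", delete=False) as fh:
        fh.write(testcase)
        path = fh.name
    try:
        proc = subprocess.run(cmd + [path], capture_output=True, timeout=timeout)
        crashed = proc.returncode < 0
    except subprocess.TimeoutExpired:
        crashed = False  # a hang is interesting too, but not counted as a crash here
    return crashed, path


def fuzz(pool, cmd, iterations, fuzzfactor=0.01, seed=None):
    """Main loop: mutate, run, keep the inputs that crashed the target."""
    rng = random.Random(seed)  # seed it so a campaign can be replayed
    findings = []
    for _ in range(iterations):
        name, testcase, changes = next_testcase(pool, fuzzfactor, rng)
        crashed, path = run_target(cmd, testcase)
        if crashed:
            findings.append((name, path, changes))
        else:
            Path(path).unlink(missing_ok=True)
    return findings


if __name__ == "__main__":
    # usage: fuzz.py <sample_dir> <iterations> <target> [args...]
    if len(sys.argv) < 4:
        sys.exit("usage: fuzz.py <sample_dir> <iterations> <target> [args...]")
    pool = load_pool(sys.argv[1])
    found = fuzz(pool, sys.argv[3:], int(sys.argv[2]), seed=1)
    for name, path, changes in found:
        print(f"crash: sample={name} testcase={path} mutated_bytes={len(changes)}")
```

The point of keeping the per-byte change list and a seeded RNG is the long-term property jg mentions: over many iterations the same small routine explores more of the mutation space, and any crash it finds can be replayed or reduced because both the chosen sample and the exact offsets are recorded.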