May 10

SANS Introduces “Fuzzing for Bug Discovery”

A few minutes ago I submitted what is hopefully the last set of edits for a new day of training material I wrote titled “Fuzzing for Bug Discovery”. This hands-on day of material joins Steve Sims’ Developing Exploits for Penetration Testers and Security Researchers course.

If you haven’t already checked out Steve’s course, I highly recommend it. In just a few days, he has been turning students into exploit developers, using hands-on labs to reinforce focused training materials. The new day of fuzzing material also gives students training on the tools and techniques for software fault testing using canned and custom fuzzing tools. A quick sampling of topics includes:

  • Why fuzzing is needed for security, and how it can be used by Quality Assurance teams, software developers, vendors and penetration testers
  • Building your attack plan, sources for data collection, testing and monitoring techniques and tools
  • Fuzzing techniques including static test case development, randomized fuzzing, mutation and intelligent mutation fuzzing
  • Fuzzing opportunities and common software developer mistakes to target
  • Effective fuzzing through code coverage analysis using available source or closed binaries
  • In-depth coverage on building custom fuzzers with Sulley

If I had to pick, I’d say the best part of the new day are the lab exercises. In the labs, you’ll use a variety of tools including Taof, Gcov/Lcov, Paimei with Pstalker, IDA Pro with the idapython plugin, the Sulley fuzzing framework and a bunch more. In the labs, you’ll definitely find interesting and useful bugs that, at the end of Steve’s course, you’ll be writing exploits for.

Steve is teaching his Developing Exploits for Penetration Testers and Security Researchers course in several upcoming conferences:

As always, I’m more than happy to any answer questions about this day of material. I’ll also try to answer questions about the entire course, though I may defer you to Steve. In the meantime, check out the description and sample topics. Also, my thanks to Steve for the chance to contribute to his awesome course.

-Josh

May 07

Follow the Bouncing Malware: Gone With the WINS

Tom Liston is a unique individual. Not only is he technically skilled in many areas, but he has the Kurt Vonnegut gift of being able to write a story that both delivers a message and keeps you entertained with simple sentences (oh, and teaches you a thing or two about malware analysis).

Follow the Bouncing Malware (FTBM) is a great series of articles Tom has published at the Incident Storm Center. Some are a little cheeky, but if you had met Tom you’d think they fit him perfectly. Be sure and check out the latest installment, Follow the Bouncing Malware: Gone With the WINS and pick up some tidbits on malware, Windows 2003 systems getting pwned and pr0n.

-Josh

May 03

Pen Test Perfect Storm Trilogy Slides

Over the last several months I had the pleasure of working with Ed Skoudis and Kevin Johnson in presenting a trilogy of webcasts titled the Pen Test Perfect Storm where we talk about techniques to combine network, web app and wireless pen testing. By combining these components of classic pen-tests, we are able to more effectively test the network for threats and dig deeper into an organization. Check out the slides and links to the webcast archives here:

Slides Webcast
The Pen Test Perfect Storm: Combining Network, Web App and Wireless Pen Test Techniques, Part I Flash Presentation with Audio
The Pen Test Perfect Storm: Client Side Mutiny, Part II Download WebEx Presentation with Audio
The Pen Test Perfect Storm: Network Reconstructive Surgery, Part III Download WebEx Presentation with Audio

Special thanks to Ed and Kevin for the chance to work with them on this series. Please drop me a note with any questions.

-Josh

Apr 11

Why Zoher Anis Rocks My Inbox

If you haven’t met Zoher Anis at a SANS conference or other popular venue, please make an effort to do so as soon as possible. Zoher is one of the most awesome guys I know, and humbles me with his new presentation “Why Joshua Wright loves Windows Vista ? And why you should be glad you’re not running it.

Zoher came up to me at the SANS 2009 Orlando conference and showed me a slide deck he made for a private audience about some of the awesome wireless stuff Microsoft added to Windows Vista. In it, he applies a lot of the Vista wireless hacks I wrote about in Vista Wireless Power Tools (for the penetration tester), and adds his own excellent Vista hacks in the process.

After I begged and pleaded, he allowed me to distribute a sanitized version on my site. For your enjoyment. Thanks Zoher!

-Josh

Apr 11

Rockin the WordPress Site

Admittedly, I can’t design a web page.  I understand the mechanics of HTML and CSS, but making something actually look good, that’s beyond me.

Formerly, this site was powered by iWeb, which is very limiting and awkward to use (what iWeb couldn’t do for me, I did in a shell script which was run before rsync’ing to this site, but regex for HTML is really painful).  So that I can start getting more frequent posts and updates with useful information, I’ve switched over to WordPress.

Comments, questions, concerns?  Drop me some feedback.

-Josh