Filtered by Topic: Vulnerability Discovery

Comments on BIS Wassenaar Proposed Rule
Allen Householder - 07/22/15
Art Manion and I recently submitted comments to the Department of Commerce Bureau of Industry and Security on their proposed rule regarding Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items. While our detailed comments are lengthy, we summarize...
Like Nailing Jelly to the Wall: Difficulties in Defining
Allen Householder - 07/07/15
During the Watergate hearings, Senator Howard Baker asked John Dean a now-famous question: "My primary thesis is still: What did the president know, and when did he know it?" If you understand why that question was important, you have some...
The Risks of SSL Inspection
Will Dormann - 03/13/15
Recently, SuperFish and PrivDog have received some attention because of the risks that they both introduced to customers because of implementation flaws. Looking closer into these types of applications with my trusty CERT Tapioca VM at hand, I've come to realize a...
What's Different About Vulnerability Analysis and Discovery in Emerging Networked Systems?
Allen Householder - 01/06/15
Hi folks, Allen Householder here. In my previous post, I introduced our recent work in surveying vulnerability discovery for emerging networked systems (ENS). In this post, I continue with our findings from this effort and look at the differences between...
Vulnerability Discovery for Emerging Networked Systems
Allen Householder - 11/20/14
Hi folks, Allen Householder here. I want to introduce some recent work we're undertaking to look at vulnerability discovery for emerging networked systems (including cyberphysical systems like home automation, networked cars, industrial control systems and the like). In this post...
Finding Android SSL Vulnerabilities with CERT Tapioca
Will Dormann - 09/03/14
Hey, it's Will. In my last blog post, I mentioned the release of CERT Tapioca, an MITM testing appliance. CERT Tapioca has a range of uses. In this post, I describe one specific use for it: automated discovery of SSL vulnerabilities in Android applications....
Announcing CERT Tapioca for MITM Analysis
Will Dormann - 08/21/14
Hi folks, it's Will. Recently I have been investigating man-in-the-middle (MITM) techniques for analyzing network traffic generated by an application. In particular, I'm looking at web (HTTP and HTTPS) traffic. There are plenty of MITM proxies, such as ZAP, Burp, Fiddler, mitmproxy, and...
Differences Between ASLR on Windows and Linux
Will Dormann - 02/10/14
Will Dormann explains how ASLR works on Linux and how it differs from ASLR on Windows.
Feeling Insecure? Blame Your Parent!
Will Dormann - 02/03/14
Will Dormann describes how parent properties can cause security problems for a child process.
Hacking the CERT FOE
Will Dormann - 11/26/13
Will Dormann describes a modification to FOE code to make it work better with another application and encourages others to modify the code themselves.
BFF 2.7 on OS X Mavericks
Will Dormann - 10/23/13
Will Dormann describes how to get BFF 2.7 to run on OS X Mavericks.
Vulnerabilities and Attack Vectors
Will Dormann - 10/01/13
Will Dormann provides examples that illustrate why vulnerability analysts use attack vectors when they're examining software bugs and vulnerabilities.
Attaching the Rocket to the Chainsaw - Behind the Scenes of BFF and FOE's Crash Recycler
Allen Householder - 09/30/13
Allen Householder discusses the crash recycling feature of the recently released fuzzing tools BFF v2.7 and FOE v2.1.
One Weird Trick for Finding More Crashes
Will Dormann - 09/23/13
Will Dormann announces updates to CERT fuzzing tools, FOE and BFF, and describes the changes in the new versions.
Domains That Are Typos of Other Domains
Jonathan Spring - 08/15/13
Jonathan Spring discusses the usage of domains that are typos of other domains.
Mining Ubuntu for Interesting Fuzz Targets
Jonathan Foote - 08/15/13
We explain how to use information from databases in stock Ubuntu systems to gather parameters for performing corpus distillation and fuzzing.
Forensics Software and Oracle Outside In
Will Dormann - 07/08/13
Will Dormann discusses the risks, and their mitigations, of using forensics software to process untrusted data.
The Risks of Microsoft Exchange Features that Use Oracle Outside In
Will Dormann - 06/04/13
Will Dormann describes the risks of using Microsoft Exchange features that use Oracle Outside In and what you can do about it.
Keep Calm and Deploy EMET
Jared Allar - 05/08/13
Jared Allar provides information about an effective approach to blocking exploits of CVE-2013-1347.
CERT Basic Fuzzing Framework 2.5 Released
Allen Householder - 04/30/12
Allen Householder describes features available in BFF 2.5.
CERT Linux Triage Tools 1.0 Released
Jonathan Foote - 04/25/12
Jonathan Foote describes a GNU Debugger extension that classifies Linux applications by severity.
CERT Failure Observation Engine 1.0 Released
David Warren - 04/23/12
David Warren describes features available in FOE 1.0.
Effectiveness of Microsoft Office File Validation
Will Dormann - 05/19/11
Will Dormann tests the effectiveness of Office File Validation in protecting against attacks using malformed files.
A Security Comparison: Microsoft Office vs. Oracle OpenOffice
Will Dormann - 04/13/11
Will Dormann discusses the results of a test that compares the fuzzing resiliency of Office and Oracle OpenOffice.
Announcing the CERT Basic Fuzzing Framework 2.0
Allen Householder - 02/28/11
Allen Householder announces the release of BFF 2.0 and describes improvements and new features.
CERT Basic Fuzzing Framework Update
Will Dormann - 09/22/10
Will Dormann describes new functionality and performance improvements available in BFF 1.1.
CERT Basic Fuzzing Framework
Will Dormann - 05/26/10
Will Dormann discusses how to use BFF to discover vulnerabilities through mutational dumb fuzzing.
Internet Explorer Kill-Bits
Will Dormann - 07/31/09
Will Dormann discusses killbit, a MS Windows registry value that prevents an ActiveX control from being used by Internet Explorer.
Vulnerabilities and Attack Surface
Will Dormann - 06/25/09
Will Dormann discusses vulnerabilities in Adobe Reader and Foxit Reader PDF-viewing applications.
Release of Dranzer ActiveX Fuzzing Tool
Will Dormann - 04/16/09
Will Dormann announces the release of Dranzer, a CERT tool developed to test ActiveX controls.
Recommendations to Vendors for Communicating Product Security Information
Chad Dougherty - 11/20/08
Chad Dougherty offers advice to vendors about communicating product security issues.
Ping Sweeping in IPv6
Ryan Giobbi - 09/12/08
Ryan Giobbi discusses how ping sweeping on the local network is easier in IPv6 than in IPv4.
ActiveX Vulnerability Discovery at the CERT/CC
Will Dormann - 07/03/08
Will Dormann describes how his team often discovers vulnerabilities while they test ActiveX controls.