Showing posts from March, 2018

02x01 - How to maybe not be as bad at fuzzing unknown binary protocols as you were before reading this

Disclaimer:  I wrote this post a while ago, and definitely before I had enough knowledge to really share accurately.  Feel free to read on, but there's probably a lot of bad info in this.

You're bad at fuzzing unknown binary protocols, huh? Yeah, well, me too.  In fact, I've only done it once, and I had an RFC to look at, so I guess it technically wasn't an 'unknown' protocol... and it was mostly a walkthrough.

So, we'll go start to finish on this in a few posts, maybe.
Pre-Requisites:Familiarity with debuggers, i.e.OllyDBGImmunityFamiliarity with:Fuzzers (SPIKE, boofuzz, sulley, etc)scapyPythonWiresharkAssembly (sorta)Stack Based Buffer OverflowsSEH ExploitsVirtual MachinesAttacker Kali? Windows? Whatever floats your boat.Victim x 2Windows 7+Note: If you're using windows as the attacking machine, you don't need two victim machines.That's probably it? Okay, so this post is a work in progress for a period, as I go through it as well.

First, what&…


I've been in the field for about five years, the first three doing forensics for a firm, the last two, pentesting for that same firm.  This blog's intent is merely to provide those who may be of similar mind with some light-hearted reading about my experiences and my upcoming, ever advancing journey into things I have no right explaining to anyone.

Welcome.  I'm bad at security.