Showing posts from March, 2018

02x01 - How to maybe not be as bad at fuzzing unknown binary protocols as you were before reading this

Disclaimer: I wrote this post a while ago, and definitely before I had enough knowledge to really share accurately. Feel free to read on, but there's probably a lot of bad info in this.

You're bad at fuzzing unknown binary protocols, huh? Yeah, well, me too. In fact, I've only done it once, and I had an RFC to look at, so I guess it technically wasn't an 'unknown' protocol... and it was mostly a walkthrough. So, we'll go start to finish on this in a few posts, maybe.

Pre-Requisites:
- Familiarity with debuggers, e.g. OllyDbg, Immunity
- Familiarity with:
  - Fuzzers (SPIKE, boofuzz, sulley, etc.)
  - scapy
  - Python
  - Wireshark
  - Assembly (sorta)
  - Stack Based Buffer Overflows
  - SEH Exploits
  - Virtual Machines
- Attacker: Kali? Windows? Whatever floats your boat.
- Victim x 2: Windows 7+

Note: If you're using Windows as the attacking machine, you don't need two victim machines.

That's probably it? Okay, so this post is a work in pr


I've been in the field for about five years, the first three doing forensics for a firm, the last two pentesting for that same firm. This blog's intent is merely to provide those who may be of similar mind with some light-hearted reading about my experiences and my upcoming, ever-advancing journey into things I have no right explaining to anyone. Welcome. I'm bad at security.