In 2017 and 2018 I presented workshops on the topic of fuzzing.
You can find the slides here: Slides
I also recorded some demos before the workshop (these are not the demos from the workshop itself). You can find the demos here: Demos
Please note: The workshop also contains lots of demos which are available on the virtual machine. If you are interested in the virtual machine, just drop me a message on Twitter.
Tuesday, 21 November 2017
Friday, 22 September 2017
Hack the Hacker - Fuzzing Mimikatz on Windows with WinAFL & HeatMaps
Since I presented various fuzzing workshops in 2017, I wanted to find a nice example to demonstrate fuzzing with WinAFL if source code is available. So I needed a target where I have access to source code, which would be interesting to study for students and which still has simple bugs to find. That's how I came up with the idea to fuzz Mimikatz.
You can find the original blogpost here: Link
Saturday, 22 April 2017
Bypass application whitelisting with Nvidia's node.js
On my gaming PC I noticed something interesting - Nvidia installed a NodeJS server on my system. Since I did some application whitelisting research some time ago, I used it to bypass application whitelisting. Please note: From a technical perspective I could not find a more critical vulnerability in it. However, from an end-user perspective I think nobody wants to have a local NodeJS server running just because Nvidia programmers wanted to code in JavaScript. When I reported this to Nvidia they immediately fixed it.
You can find the original blogpost here: Link