Fuzzing is a very important concept during development, and therefore all developers should know how to do it correctly and that such a setup can be simple and fast!

## Why I Chose Mimikatz As Fuzzing Target

To my knowledge there are several blog posts talking about fuzzing Linux applications with AFL or libFuzzer (just compile the application with afl-gcc instead of gcc, or add some flags to clang), but there is no blog post explaining the concept and setup for Windows. I (René Freingruber from SEC Consult Vulnerability Lab) am going to give a talk at heise devSec (and IT-SECX and DefCamp) about fuzzing binaries for developers, and therefore I wanted to test different approaches to fuzz Windows applications where source code is available (the audience are most likely developers).

If you are only interested in the exploitable mimikatz flaws, you can jump to the chapter "Practice: Analysis of the identified crashes". Feel free to skip the background sections if you are already familiar with this knowledge.

Since this blog post got too long and I didn't want to remove important theory, I marked background knowledge in italic.