After being challenged by Gadi, we decided to make the beSTORM .ANI file fuzzing module description available publicly.
This module is interesting because Microsoft’s fuzzing team, using a template-based fuzzing module, missed during their testing a vulnerability that turned out to be a zero-day. We built it by simply feeding a few sample files into beSTORM and using its autolearn feature to produce a file fuzzing module. The module we produced does catch the 0-day but we welcome any feedback as to how good or bad this module actually is.
The fuzzing module description is available here.
No comments:
Post a Comment