Software Testing Methodologies & Approaches to Fuzzing

This blog post is part of a series and a re-posting of the original article “Fuzzing 101” that I have written for Yarix on YLabs. Introduction In this article, I would like to introduce fuzz testing as part of a vast overview of software testing approaches used to discover bugs and vulnerabilities within applications, protocols, file formats and more. Application Security With an ever-increasing number of vulnerabilities discovered during the years, many organizations still spend little budget and effort to produce and ensure...

Posted By

Announcing ECG v2.0

We are proud to announce that ECG got its first major update. ECG: is the first and single commercial solution (Static Source Code Scanner) able to analyze & detect real and complex security vulnerabilities in TCL/ADP source-code. ECG's v2.0 New Features On-Premises Deploy: Scan your code repository on your secure and highly-scalable offline appliance with a local ECG's installation to comply with strict code privacy policies. API Support: Easily integrate ECG's automated security testing into your continuous integration (CI/CD) and delivery tools. Manage your...

Posted By

Tivoli Madness

TL; DR: this blog post serves as an advisory for both: CVE-2020-28054: An Authorization Bypass vulnerability affecting JamoDat – TSMManager Collector v. <= 6.5.0.21 A Stack Based Buffer Overflow affecting IBM Tivoli Storage Manager - ITSM Administrator Client Command Line Administrative Interface (dsmadmc.exe) Version 5, Release 2, Level 0.1. Unfortunately, after I had one of the rudest encounters with an Hackerone’s triager, these are the takeaways: IBM Tivoli Storage Manager has reached its end of life support and will not...

Posted By

.NET Grey Box Approach: Source Code Review & Dynamic Analysis

Following a recent engagement, I had the opportunity to check and verify some possible vulnerabilities on an ASP .NET application. Despite not being the deepest technical nor innovative blog post you could find on the net, I have decided to post it anyway in order to explain the methodology I adopt to verify possible vulnerabilities. If you are into grey-box approach (Source Code Review and Dynamic Analysis, SAST/DAST), new to ASP .NET applications or you are planning to take AWAE,...

Posted By

CVE-2020-1337 – PrintDemon is dead, long live PrintDemon!

Banner Image by Sergio Kalisiak TL; DR: I will explain, in details, how to trigger PrintDemon exploit and dissect how I’ve discovered a new 0-day; Microsoft Windows EoP CVE-2020-1337, a bypass of PrintDemon’s recent patch via a Junction Directory (TOCTOU). Contents PrintDemon primer, how the exploit works? PrinterPort WritePrinter Shadow Job File Binary Diffing CVE-2020-1048 Patch CVE-2020-1337 – A bypass of CVE-2020-1048’s patch Conclusion Affected Systems Disclosure Timeline After Yarden Shafir’s & Alex Ionescu’s posts (PrintDemon, FaxHell) and their call to action,...

Posted By