Windows Access Control is a fun field to study because there is so much more to
learn! We hope this chapter whets your appetite to research access control topics. Along
the way, you're bound to find some great security vulnerabilities.
References
www.grayhathackingbook.com
WinObj download www.microsoft.com/technet/sysinternals/SystemInformation/WinObj.mspx
CHAPTER 17 Intelligent Fuzzing with Sulley
• Protocol analysis
• Sulley fuzzing framework
• Powerful fuzzer
• Process fault detection
• Network monitoring
• Session monitoring
In Chapter 14, we covered basic fuzzing. The problem with basic fuzzing is that you
often only scratch the surface of a server's interfaces and rarely get deep inside the server
to find bugs. Most real servers have several layers of filters and challenge/response mechanisms
that prevent basic fuzzers from getting very far. Recently, a new type of fuzzing,
called intelligent fuzzing, has arrived. Instead of blindly throwing everything but the
kitchen sink at a program, techniques have been developed to analyze how a server
works and to customize a fuzzer to get past the filters and reach deeper inside the server
to discover even more vulnerabilities. To do this effectively, you need more than a fuzzer.