Archive

Archive for April, 2009

CERT Unleashes Dranzer

April 29th, 2009

Some months ago I was working with some people on a great idea for a wicked ActiveX vulnerability project.  At the time I knew of two fuzzers out of the gate, AxMan and COMRaider.  Both had their drawbacks for our purposes.  The biggest thing was that we needed to be able to script it all out.  I kept looking and came across axfuzz, but felt it a bit gnarly to futz with its source on a deadline.  Anyway, that’s all I’ll say about that…I have the feeling they may still be pursuing this project.  ::shhh::

That’s not why you called though.  The point is, there just wasn’t a lot in the way of solid console-based ActiveX fuzzers.   Then I read a sweet research paper by CERT on how they had discovered and pulled down thousands of ActiveX controls for their fuzzing pleasure and found plenty of potential vulnerabilities.  “Awesome!” I said.  This would be perfect.  That’s when I found that it hadn’t been officially released.  Now it has!

Some hotness around Dranzer is that it’ll fuzz like hell and spit the results to an output file.  It can also skip baselines or run against specific libs.  Very cool stuff indeed.  Check out the Dranzer project.

p.s. Put plenty of paper in your printer :)

Code

From Bloodhound to Acrobat JS

April 24th, 2009

Walk with me.  Let me rap unto you a little story about how an AV detection might go.  So, your AV makes a good detection on a suspect file.  Unbelievable already, right?  Say it does, but it’s using a heuristics engine and not its typical signature definitions.

For Symantec these heuristics are Bloodhound, and files that are flagged usually get some name such as ‘Bloodhound.exploit.somenumber’.

So, is this it?  Leave it and move on to the next thing that will burn up the day?  It doesn’t have to be. Let’s dig deeper.

Anti-malware