DEFENSICS Universal Fuzzer™ – A Global Fuzzer for Everything !!

 

DEFENSICS Universal Fuzzer™ complements our existing product range by providing new fuzz testing techniques to meet these testing challenges and to increase the test capability of Model-Based tests. The Universal Fuzzer is a file fuzzer that can generate security tests for any file structures based on a set of templates. These files can be samples of pictures, videos, documents, or even data packets from traffic captures.

File Fuzzing

Corrupt files are one of the oldest and most effective methods of attacking company networks. Simply clicking on a web link to a malicious picture file or opening a harmless-looking PDF file sent as an email attachment is enough to trigger these attacks.

Protocol Fuzzing

Defensics Universal Fuzzer can also test simple stateless protocols. The simplest form of attacking protocols is fuzzing simple request-response communications, or the first packets of complex message exchanges. Most protocol attacks do not require any user interaction, and therefore are often considered much higher risk than file-format based attacks.

Coverage

Test coverage is about how many of the unknown (zero-day) vulnerabilities are found with the chosen fuzzing techniques. Simply having coding errors or vulnerabilities in your software is enough to enable zero-day attacks. The attacks vary, but what they all have in common is that the initial access is always enabled by a software vulnerability hiding in the code. These attacks against unknown, zero-day vulnerabilities have the most damaging effects, because there are no defenses against them.

See the Unknown Vulnerability Management resources to learn how you can find and mitigate these unknown (zero-day) vulnerabilities:
http://www.codenomicon.com/unknown/

 


 

Features

The most effective way to protect your systems against zero-day attacks is to find unknown, zero-day vulnerabilities in your systems proactively. Fuzzing is a technique used by hackers to find unknown vulnerabilities. Fuzzing your own software before deployment or integration will make the software more robust and secure.

The Universal Fuzzer enables both software vendors and the corporations using their products to test file formats and the devices and software used to read them. By doing this, software vendors can improve the quality of their products compared to their competitors, and companies can avoid attacks that could compromise their reputation and sales.

» TESTS ANYTHING: If you can present the data in file format, then you can test it with the universal fuzzer. Use the Universal Fuzzer to test image files, captured protocol messages, text documents, wireless frames, etc.

» INTELLIGENT FUZZING: Most fuzzers only perform random mutation fuzzing. The Codenomicon Universal Fuzzer utilizes heuristics to determine data structures, thus it is able to generate more intelligent test cases.

» EASY TO CREATE AND EXECUTE: The Universal Fuzzer does not require any protocol specific customization. Test cases are automatically generated from sample template files.

» BROAD COVERAGE: The Universal Fuzzer utilizes 15 different fuzzers to generate test cases, giving you a broad spread of the types of attacks your software will have to endure.

» CLEAR GUI AND AUTOMATED REPORTING FEATURES: The Universal Fuzzer can be run through the Defensics GUI, making it easy to control 15 fuzzers simultaneously. You will also benefit from Defensics’ automated reporting features: simply click on a link in the report to reproduce test vulnerabilities.

» DIFFERENT TEST EXECUTION METHODS: The test cases can be run directly at the test target, or they can be injected using a network connection. The test cases can also be sent using our built-in HTTP server.

Testing Process

The testing process is simple:

» Select your sample files. The more sample files you have, the more accurate the tests.
» Choose how many test cases you want to run.
» Decide which fuzzers you want to use and in which ratio.
» Generate test cases and choose how you want to execute them.
» Report and mitigate.
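
The generation steps above (sample files, number of test cases, fuzzers and their ratio) can be sketched as a small template-based generator. This is an added example, not Defensics code: the four mutators, their names, the sample bytes and the seed scheme are all assumptions chosen for illustration. Each case gets its own seeded generator, so a case that crashes the target can be rebuilt from its number alone.

```python
import random

# Constructed sample templates standing in for real sample files.
SAMPLES = {
    "tiny.bmp": b"BM" + (58).to_bytes(4, "little") + bytes(52),
    "request.txt": b"GET /index.html HTTP/1.0\r\nHost: test.invalid\r\n\r\n",
}

def bit_flip(data, rng):
    out = bytearray(data)
    out[rng.randrange(len(out))] ^= 1 << rng.randrange(8)
    return bytes(out)

def truncate(data, rng):
    return data[:rng.randrange(len(data))]  # always shorter than the sample

def repeat_chunk(data, rng):
    start = rng.randrange(len(data))
    end = rng.randrange(start, len(data)) + 1
    return data[:end] + data[start:end] * rng.randint(2, 64) + data[end:]

def boundary_int(data, rng):
    # Overwrite four bytes with a 32-bit boundary value (length/offset fields).
    if len(data) < 4:
        return data
    pos = rng.randrange(len(data) - 3)
    value = rng.choice([0, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF])
    return data[:pos] + value.to_bytes(4, "little") + data[pos + 4:]

# Hypothetical mutator set; a real tool would have many more.
FUZZERS = {f.__name__: f for f in (bit_flip, truncate, repeat_chunk, boundary_int)}

def make_case(samples, ratio, seed, case_id):
    """Build one test case; the same (seed, case_id) always yields the same bytes."""
    rng = random.Random(f"{seed}:{case_id}")
    sample = rng.choice(sorted(samples))
    names = sorted(ratio)
    fuzzer = rng.choices(names, weights=[ratio[n] for n in names])[0]
    return sample, fuzzer, FUZZERS[fuzzer](samples[sample], rng)

def generate(samples, count, ratio, seed=0):
    return [make_case(samples, ratio, seed, i) for i in range(count)]

if __name__ == "__main__":
    ratio = {"bit_flip": 4, "truncate": 2, "repeat_chunk": 1, "boundary_int": 3}
    for i, (sample, fuzzer, payload) in enumerate(generate(SAMPLES, 10, ratio, seed=1)):
        print(f"case {i}: {fuzzer} on {sample} -> {len(payload)} bytes")
```

Logging the seed and case number with each result is what makes a finding reproducible later without storing every generated file.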

 


NJ Ouchn
