Packt+ | Advance your knowledge in tech

You're reading from Hands-On Penetration Testing on Windows Unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis

Product type Paperback

Published in Jul 2018

Publisher Packt

ISBN-13 9781788295666

Length 452 pages

Edition 1st Edition

Languages

PowerShell

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Phil Bramwell

View More author details

Table of Contents (25) Chapters

Title Page

Dedication

Packt Upsell

Contributors

Preface

1. Bypassing Network Access Control FREE CHAPTER

2. Sniffing and Spoofing

3. Windows Passwords on the Network

4. Advanced Network Attacks

5. Cryptography and the Penetration Tester

6. Advanced Exploitation with Metasploit

7. Stack and Heap Memory Management

8. Windows Kernel Security

9. Weaponizing Python

10. Windows Shellcoding

11. Bypassing Protections with ROP

12. Fuzzing Techniques

13. Going Beyond the Foothold

14. Taking PowerShell to the Next Level

15. Escalating Privileges

16. Maintaining Access

17. Tips and Tricks

1. Assessment

2. Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Chapter 12. Fuzzing Techniques

What is fuzzing? You've already done some fuzzing, esteemed reader, as part of our exercises elsewhere in this book. When we were exploring our vulnerable C programs, we would fire up the GNU debugger and watch the state of the registers as we threw more and more data at the user prompt. We were modifying our input with each iteration and trying to cause a crash or at least some anomalous behavior. The inputs to the program can be malformed in some sense: an invalid format, adding unexpected or invalid characters, simply providing too much data. The fuzzing target doesn't even have to be a program: it could be a network service implementing some particular protocol, or even the encoder that generates a file in a particular format, such as PDF or JPG. If you've ever worked in software development, then the idea is immediately familiar. Fuzzing can find flaws that could negatively impact the user experience, but for security practitioners, it's a way to find...