Hello, Jonathan Foote here. In this post I'll explain how to use information from databases in stock Ubuntu systems to gather the parameters needed to perform corpus distillation (gathering of seed inputs) and fuzzing against the installed default file type handlers in Ubuntu Desktop 12.04. This technique applies to most modern versions of Ubuntu.
Hello, this is Jonathan Spring. I've been investigating the usage of domains that are typos of other domains. For example, foogle.com is a typo of google.com, and it's a common one since 'f' is next to 'g' on the standard keyboard. The existing hypothesis has been that typo domains would be used for malicious purposes. Users would commonly mistype the domain they are going to, and some of the less scrupulous domain owners could take advantage of this to trick them or infect their computers.
Hi everyone, it's Todd Lewellen. Today, I want to discuss how quantitative vulnerability metrics, like the Common Vulnerability Scoring System (CVSS), can help to develop a more accurate understanding of a vulnerability's severity.
Hi, this is Vijay Sarvepalli, Security Solutions Engineer in the CERT Division. Mathematics is part of your daily tasks if you're a security analyst. In this blog post series, I'll explore some practical uses of math in your SOC (Security Operations Center). This pragmatic approach will hopefully help enhance your use of mathematics for network security.