Saturday, 29 April 2023

Saturday, 22 April 2023

Protocols Mutiny

From time to time I post here some of the bugs I found in the past during my (file format) fuzzing adventures. This time we'll (again) try to focus a bit more on protocol fuzzing scenarios. To continue, we will use the Mutiny Fuzzing Framework. Here we go...

Thursday, 20 April 2023

Bruting FortiGates

After my previous adventures with FortiGate VMs I decided to check it again and finally finish some of the ideas I was talking about during the last The Hack Summit Conference (PL, 2022). One of them was to bypass FortiGate's "anti-bruteforce protection". Below you'll find the details about it. Here we go...

Postauth SQL injection in ZoneMinder 1.34.25

A few weeks ago I was looking for some (web) apps related to RTSP. Somehow I landed on the TurnKeyLinux page, where I found a VM with ZoneMinder (1.34.25). Below you will find the details about the (postauth SQLi) bug I was able to spot. Here we go...

Wednesday, 19 April 2023

Fuzzing DICOM - Crashing PaxeraHealth Viewer

After checking a few other apps I found for fuzzing DICOM files, I tried PaxeraHealth Viewer. Below you will find the details about it. Here we go...

Fuzzing DICOM - Crashing AMIDE

Similar to the previous cases related to fuzzing DICOM software, I used the same approach and decided to check the application called AMIDE. You can find a few details about it below. Here we go...

Fuzzing DICOM - Crashing MicroDicom

Just like before, I found an application that was able to handle my fuzzing scenario, so I decided to give it a try. You will find details from another 'night fuzzing session' below. Here we go...

Fuzzing DICOM - (Local) Crashing Sante PACS Server

A few months ago I decided to fuzz software related to the DICOM file format. A quick local buffer overflow found in one of them - Sante PACS Server - is presented in the details below. Here we go...

Saturday, 15 April 2023