Here you will find various security software tools released by VSR and its consultants.

Security Testing Tools

Bletchley A collection of application cryptanalysis tools. Bletchley's goal is to make black-box identification and exploitation of common cryptography weaknesses easier.
FuzzDiff A simple tool designed to help out with crash analysis during fuzz testing. It selectively "un-fuzzes" portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes. Eventually, this will yield a file that still causes the crash, but contains a minimum set of changes from the original un-fuzzed file.

Sample Code

Forms-based HTTP Authentication Proof of Concept A self-contained web server and application implemented in Python to demonstrate how forms-based HTTP authentication is possible with combination of AJAX and clever use of HTTP response codes. See this paper for more details on the reasons why this is interesting.

Miscellaneous Exploits A simple script to demonstrate the exploitation of the HTTP Request Smuggling vulnerability (CVE-2010-2375) in the WebLogic web server plugin. This script can be used to steal other users HTTP responses when used against a vulnerable web server. See the original advisory for more details. A tool for bypassing WebSense filtering proxies when used in conjunction with certain Cisco devices. See the original advisory for more details.

Forensics and Incident Response

RegLookup A utility for analyzing Windows registry hives.
GrokEVT Interprets Windows event logs.
tableau-parm A tool for interacting with Tableau forensics write blockers under UNIX.

Contact Us To Discuss Your Needs

Copyright © 2004-2019. Virtual Security Research, LLC. All rights reserved. Design by Star Graphic Design