Skip to end of metadata
Go to start of metadata

CERT Failure Observation Engine (FOE) Significant changes 

FOE 2.1 (September 23, 2013)

Environment changes

  • Upgraded to MSEC !exploitable 1.6

Code changes

  • Crash uniqueness determined by exception chains - Improved exploitability bucketing of exception chains
  • Dynamic timeouts (CPU-usage-driven) for GUI applications
  • Zip seed file awareness (fuzz contents, not container)
  • New and improved scripts in the tools directory
  • Simplified usage
  • Optional feature to recycle crashing test cases as seed files
  • Minimization to string defaults to Metasploit string
  • Various bug fixes and improved error handling

FOE 2.0.1 (October 19, 2012)

Code changes

  • BFF 2.6 and FOE 2.0.1 use the same certfuzz package
  • Fixed a bug in minimizer crash recycling
  • Various bug fixes and improved error handling

FOE 2.0 (July 20, 2012)

Environment changes

  • Upgraded to python 2.7

Code changes

  • Improved support for multiple seed files
  • Crashes found during minimization get analyzed as well
  • Improved machine learning implementation applied to both seed file selection and rangefinder
  • Minimizer tuned for performance
  • Optional minimization-to-string feature
  • Continues handled exceptions
  • Button clicker included
  • New script for picking out interesting crashes
  • Added new fuzzers: drop, insert, truncate, verify
  • Refactored into object-oriented code
  • Merged in many other features from CERT's Basic Fuzzing Framework (BFF) for Linux v2.5

FOE 1.0 (April 20, 2012)

  • Initial Release