Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

CERT Failure Observation Engine (FOE)
Significant changes

FOE 2.1 (September 23, 2013)

  * Environment changes:
    - Upgraded to MSEC !exploitable 1.6

  * Code changes:
    - Crash uniqueness determined by exception chains
    - Improved exploitability bucketing of exception chains
    - Dynamic timeouts (CPU-usage-driven) for GUI applications
    - Zip seed file awareness (fuzz contents, not container)
    - New and improved scripts in the tools directory
    - Simplified usage
    - Optional feature to recycle crashing test cases as seed files
    - Minimization to string defaults to Metasploit string
    - Various bug fixes and improved error handling

FOE 2.0.1 (October 19, 2012)
  * Code changes:
    - BFF 2.6 and FOE 2.0.1 use the same certfuzz package
    - Fixed a bug in minimizer crash recycling
    - Various bug fixes and improved error handling
    
FOE 2.0 (July 20, 2012)

  * Environment changes:
    - Upgraded to python 2.7

  * Code changes:
    - Improved support for multiple seed files
    - Crashes found during minimization get analyzed as well
    - Improved machine learning implementation applied to both
      seed file selection and rangefinder
    - Minimizer tuned for performance
    - Optional minimization-to-string feature
    - Continues handled exceptions
    - Button clicker included
    - New drillresults.py script for picking out interesting 
      crashes
    - Added new fuzzers: drop, insert, truncate, verify
    - Refactored into object-oriented code
    - Merged in many other features from CERT's Basic Fuzzing Framework (BFF)
      for Linux v2.5

FOE 1.0 (April 20, 2012)

  * Initial Release
  • No labels