User:PetiteMiette/sandbox

Déjà vu Security is a private application and network security company based in Seattle, WA, founded in 2011 by a group of information security veterans with past leadership experience at Microsoft, Amazon and HP. The company helps clients build secure solutions through strategic insight, proactive advice, tactical assessment and contracted development.

Several founders offer talks and training at industry technical conferences, including the Black Hat Briefings, CanSecWest, and RSA Conferences.

Services and Products
Déjà vu Security provides three primary services: Security Advisory Services (Infrastructure & Applications), Secure Development Services, and Security Training. These are complemented by a set of commercial and open-source products, such as Peach Fuzzer. The company specializes in fuzzing, threat modeling, design review, information security, penetration testing, embedded device security, and secure software development.

Outlook Privacy Plugin
Déjà vu Security additionally sponsors a simple OpenPGP encryption plugin for Outlook 2010 that has been in active development since 2011. The plugin is a security extension that enables Outlook 2010 to send and receive email messages that are encrypted and/or signed according to the OpenPGP standard. It supports encrypted attachments and multiple recipients, and decrypts PGP-MIME and OpenPGP blocks in HTML emails.

Peach Fuzzer
Originally developed in 2004, Peach is a smart fuzzer that performs both generational and mutation-based fuzzing. It was first written in Python; Peach is currently on its third release, which is written in C# for the .NET framework and is Mono compatible for *nix systems. Peach can fuzz a range of targets, including COM/ActiveX, SQL, shared libraries/DLLs, network applications, web applications, and more. Peach requires the creation of Peach Pit files that define the structure, type information and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run, which includes selecting a data transport through a publisher (e.g. network devices, application launching, etc.) and logging interfaces.

Smart Fuzzer
A smart fuzzer is a fuzzer that has additional information about the data and state of the target being fuzzed. Typically the baseline for a smart fuzzer is to understand the type information in the data that is being mutated. Peach takes this further by modeling the following:
 * Type Information
 * Basic relationships such as size and count
 * Static transformations such as ZIP and Base64
 * Basic state modeling
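
Why modeling size relationships and static transformations matters, as an added example (not Peach code and not taken from a Peach Pit): it assumes a constructed toy format, a 2-byte size field followed by a Base64-encoded payload, and compares blind mutation of the finished message with mutation of the payload followed by re-encoding and recomputing the size. The function names and the sample payload are hypothetical.

```python
import base64
import random
import struct

# Constructed toy format (an assumption, not a Peach Pit):
#   2-byte big-endian size field | Base64(payload)

def build(payload: bytes) -> bytes:
    """Apply the Base64 transformation, then fill in the size relationship."""
    body = base64.b64encode(payload)
    return struct.pack(">H", len(body)) + body

def parse(msg: bytes) -> bytes:
    """Stand-in for a target's outer parser; ValueError means early rejection."""
    if len(msg) < 2:
        raise ValueError("short header")
    (size,) = struct.unpack(">H", msg[:2])
    if size != len(msg) - 2:
        raise ValueError("size mismatch")
    return base64.b64decode(msg[2:], validate=True)  # binascii.Error is a ValueError

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a bit, insert a byte, or delete a byte."""
    buf = bytearray(data)
    op = rng.choice(("flip", "insert", "delete"))
    pos = rng.randrange(len(buf)) if buf else 0
    if op == "flip" and buf:
        buf[pos] ^= 1 << rng.randrange(8)
    elif op == "insert" or not buf:
        buf.insert(pos, rng.randrange(256))
    else:
        del buf[pos]
    return bytes(buf)

def reach_rate(cases) -> float:
    """Fraction of test cases that get past the outer parser."""
    passed = 0
    for case in cases:
        try:
            parse(case)
            passed += 1
        except ValueError:
            pass
    return passed / len(cases)

def compare(n: int = 500, seed: int = 1):
    rng = random.Random(seed)
    payload = b"USER alice\r\n"  # constructed sample payload
    dumb = reach_rate([mutate(build(payload), rng) for _ in range(n)])
    smart = reach_rate([build(mutate(payload, rng)) for _ in range(n)])
    return dumb, smart
```

Calling `compare()` returns the share of test cases that reach the code behind the framing checks for each strategy; the model-aware cases always do, while most blind mutations are rejected at the size or Base64 check.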

Peach Pits
Peach Pits are XML files that contain all of the information needed for Peach to perform a fuzzing run. Peach Pit files contain the following:
 * GeneralConf
 * Data Modeling: Defines the protocol or file format to be fuzzed or not fuzzed.
 * StateModeling: Used for controlling the flow of the fuzzing process.
 * Publisher: I/O interface used to read and write data to a file/socket, etc.
 * Agents: The Peach process that runs on the target system and monitors the behavior of the application; it can be used to restart the fuzzed server if it crashes.
 * Monitors: Used to capture network traffic, attach a debugger to the target process, etc.
 * Test Block: Correlates the configuration of the StateModel, Agents and Publishers into a single test case.
 * Run Block: Defines which tests will be executed during the fuzz process as well as managing logging of any data generated by the Agents during the fuzz process.
 * Logger: Saves the crashes and input test cases into a file for later analysis.