When performing a standard p/invoke method call in which a .NET string must be converted to an unmanaged LPSTR (char*), the .NET runtime performs a "bestfit" conversion.  This means some Unicode characters will be converted down to ASCII characters based on some mapping information.  This "bestfit" conversion can allow an attacker to bypass input validation filters.  For example, a filename might be checked to make sure it does not contain a backslash ("\") character, or two periods ("..").  By using Unicode characters an attacker could by pass those checks by providing a Unicode character that will be converted to the required ASCII character during the marshaling of the string.

Full article with character map.

A two day training course in Peach 2 is being offered this year at BlackHat Vegas.  This course will cover all of the latest Peach 2 features in a hands on, lab intensive manor.  Including the Peach 2 features being released later this year.

The course will cover creating fuzzers for the following situations:

• State-aware network protocol parsers
• N-tier applications
• Arbitrary APIs
• File parsers
• COM and Active/X components
• Detect non-classic faults in software
• Extend the Peach Fuzzing Platform by creating custom Transformers, Generators, Publishers, and Monitors.
• Apply these concepts and tools to their unique environment
• Utilize parallel fuzzing to increase fuzzing efficiency

Course information and registration.