Most likely you've already heard about the famous exploit checkm8, which uses an unfixable vulnerability in the BootROM of most iDevices, including iPhone X. In this article, we'll provide a technical analysis of this exploit and figure out what causes the vulnerability.

In previous article we told a lot about security of ERP systems. Now we want to talk about ways to protect them.

To illustrate typical attack, and architecture issues, we will provide examples of SAP ERP solution, as it’s the most widespread one installed in 85% of Fortune 2000 companies.

ERPs and other enterprise business applications play a significant role in a company’s architecture and business processes. Unfortunately, these systems may easily fall victim to cyberattacks.

Today we’re going to talk about one of the modern security mechanism for web applications, namely Web Application Firewall (WAF). We’ll discuss modern WAFs and what they are based on, as well as bypass techniques, how to use them, and why you should never entirely rely on WAF. We’re speaking from the pentesters’ perspective; we’ve never developed WAFs and only collected data from open sources. Thus, we can only refer to our own experience and may be unaware of some peculiarities of WAFs.

In this article, we're going to talk about not the classical AFL itself but about utilities designed for it and its modifications, which, in our view, can significantly improve the quality of fuzzing. If you want to know how to boost AFL and how to find more vulnerabilities faster – keep on reading!