Pull to refresh

The Digital Security company has temporarily suspended it’s blog on Habr

Show first

Technical analysis of the checkm8 exploit

Reading time 25 min
Views 91K

Most likely you've already heard about the famous exploit checkm8, which uses an unfixable vulnerability in the BootROM of most iDevices, including iPhone X. In this article, we'll provide a technical analysis of this exploit and figure out what causes the vulnerability.

Read more →
Total votes 22: ↑22 and ↓0 +22
Comments 4

WAF through the eyes of hackers

Reading time 21 min
Views 30K
Today we’re going to talk about one of the modern security mechanism for web applications, namely Web Application Firewall (WAF). We’ll discuss modern WAFs and what they are based on, as well as bypass techniques, how to use them, and why you should never entirely rely on WAF. We’re speaking from the pentesters’ perspective; we’ve never developed WAFs and only collected data from open sources. Thus, we can only refer to our own experience and may be unaware of some peculiarities of WAFs.
Read more →
Total votes 13: ↑9 and ↓4 +5
Comments 0

Zoo AFL

Reading time 11 min
Views 11K
image

In this article, we're going to talk about not the classical AFL itself but about utilities designed for it and its modifications, which, in our view, can significantly improve the quality of fuzzing. If you want to know how to boost AFL and how to find more vulnerabilities faster – keep on reading!
Read more →
Total votes 14: ↑14 and ↓0 +14
Comments 4