Broadcom is one of the major vendors of wireless devices worldwide. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk. In this blog post I provide an account of my internship at Quarkslab which included obtaining, reversing and fuzzing the firmware, and finding a few new vulnerabilities.

https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html

#PWN

SP 800-77 Rev.- 1 (DRAFT),- Guide to IPsec VPNs | CSRC :

https://csrc.nist.gov/publications/detail/sp/800-77/rev-1/draft

Cracking the Lens: Targeting HTTP's Hidden Attack Surface :

https://portswigger.net/kb/papers/crackingthelens-whitepaper.pdf

Youtube is removing all Instructional hacking and phishing content

https://ift.tt/2wL8xfl

Authentication Bypass and Arbitrary File Upload (leading to remote code execution) on Cisco Data Center Network Manager
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

Android malware hidden inside VirtualApp sandbox.
#chinese
http://blog.avlsec.com/2019/07/5393/virtualapp%e6%8a%80%e6%9c%af%e5%ba%94%e7%94%a8%e5%8f%8a%e5%ae%89%e5%85%a8%e5%88%86%e6%9e%90%e6%8a%a5%e5%91%8a/

Mozilla releases Grizzly, a cross-platform browser fuzzing framework designed to allow fuzzer developers to focus solely on writing fuzzers and not worry about the overhead of creating tools and noscripts

https://github.com/MozillaSecurity/grizzly

Supported by Linux, MacOS and Windows are supported

Introduction to WAFs, WAF types and WAF Bypassing #Web