[ Android ]  ReDex is an Android bytecode optimizer originally developed at Facebook http://fbredex.com/

[ Android ]  通过BT种子传播到安卓手机的下载者 - http://blogs.360.cn/360safe/2016/04/12/bt_android_downloader/

[ Attack ]  New @ DeepEndResearch post: "JBoss exploits - View from a Victim" - http://www.deependresearch.org/2016/04/jboss-exploits-view-from-victim.html

[ Attack ]  [White Paper] Learn why cyber attackers are targeting higher education. http://bddy.me/1XvfU1v #highereducation https://t.co/RJN1Xtnffm

[ Browser ]  H.264/AVC is coming to RTC in Edge. Also available in Firefox & behind flag in Chrome https://blogs.windows.com/msedgedev/2016/04/13/roadmap-update-for-real-time-communications-in-microsoft-edge/#.Vw59t3IzVxs.twitter

[ Crypto ]  Very interesting EUROCRYPT 2016 paper on defects in the OpenSSL PRNG by Falko Strenzke (former colleague): https://eprint.iacr.org/2016/367.pdf

[ Defend ]  Preventing malicious attacks by diversifying Linux shell commands http://ceur-ws.org/Vol-1525/paper-15.pdf

[ Exploit ]  Part 3 of Exploitation Demystified covers heap based #exploits http://bit.ly/1Q7wjDx

[ Forensics ]  Smartphone Forensics to Detect Distraction https://www.schneier.com/blog/archives/2016/04/smartphone_fore.html

[ Hardware ]  Ethernet Connected Remote Wifi Sniffing Station with an ESP8266 Module : http://phasenoise.livejournal.com/4003.html , Github : https://github.com/cnlohr/espthernet

[ Malware ]  RockLoader : New Upatre-like Downloader Pushed by Dridex, Downloads all the Malwares : http://phishme.com/rockloader-new-upatre-like-downloader-pushed-dridex-downloads-malwares/ https://t.co/OZO4JQMFD6

[ Malware ]  We'd like to introduce the 1st of our “Ghosts in the Endpoint” series on malicious #software http://bddy.me/1VoRFEO https://t.co/YM1eGevrJw

[ Malware ]  Qbot Malware Morphs Quickly to Evade Detection https://threatpost.com/qbot-malware-morphs-quickly-to-evade-detection/117377/

[ Malware ]  黑暗幽灵（DCM）木马详细分析 - http://drops.wooyun.org/tips/14911

[ MalwareAnalysis ]  RT @ viql: Published the DGA of the banking trojan Qadars 3.0.0.0 - active since mid March it seems https://johannesbader.ch/2016/04/the-dga-of-qadars/

[ Operating System ]  Writing an OS in Rust : Kernel Heap : http://os.phil-opp.com/kernel-heap.html //Series cont'd

[ Others ]  Automated Root Cause Identification for Crashing Executions by @ seanhn https://docs.google.com/presentation/d/1vvl34hw0pAyFeNo-oqJnMUg8zsKIVNj0NHOKxdW-UEs/edit#slide=id.p

[ Others ]  Go 1.6.1 and 1.5.4 are released to address two security issues. Info: https://groups.google.com/d/msg/golang-announce/9eqIHqaWvck/kXsfO0ogLAAJ Download: https://golang.org/dl/ #golang

[ Others ]  https://www.sadlock.org.

[ Others ]  ZDI-16-234: Microsoft .NET Framework mscoreei DLL Planting Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-234/

[ Others ]  ZDI-16-235: Adobe Creative Cloud Node.js Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-235/

[ Pentest ]  WhatsPwn : Linux tool used to extract sensitive data, inject backdoor or drop remote shells on android devices : https://github.com/jlrodriguezf/WhatsPwn

[ Tools ]  UniHook - Intercept arbitrary functions at run-time, without knowing their typedefs https://github.com/stevemk14ebr/UniHook

[ Tools ]  gapstone - gapstone is a Go binding for the capstone disassembly library https://github.com/bnagy/gapstone

[ Tools ]  RDP Replay Code Release http://contextis.com/resources/blog/rdp-replay-code-release/

[ Tools ]  lesser known commercial RCE tools: http://www.hopperapp.com/ https://www.relyze.com/ https://binary.ninja/

[ Virtualization ]  HyperBone - Minimalistic VT-X hypervisor with hooks https://github.com/DarthTon/HyperBone

[ Virtualization ]  Stealthy monitoring with Xen altp2m https://blog.xenproject.org/2016/04/13/stealthy-monitoring-with-xen-altp2m/

[ Vulnerability ]  I just discovered another article by Ruhai Zhang on the same topic, with some additional info: https://www.virusbulletin.com/virusbulletin/2013/05/cat-and-mouse-game-cve-2012-0158#id4230804

[ Vulnerability ]  New post: How bad is Badlock (CVE-2016-0128/ CVE-2016-2118)? http://bit.ly/1qPpy4T @ TrendMicro

[ Vulnerability ]  New advisory and POC for MS16-042 at https://smsecurity.net/microsoft-office-excel-out-of-bounds-read-remote-code-execution/

[ Web Security ]  Google Account Recovery XSS (worth a bug bounty of $12.5k ) : https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss

[ Web Security ]  GitHub's CSP journey (Content Security Policy) http://githubengineering.com/githubs-csp-journey/

[ Windows ]  Our articles about a malicious RTF (CVE-2015-1641) in collaboration with @ decalage2: http://www.sekoia.fr/blog/ms-office-exploit-analysis-cve-2015-1641/ and http://www.decalage.info/rtf_tricks

[ Windows ]  Windows 10 RS1 14316 UAC again broken, and yet again with help of sysprep and dumbest way of whitelisting inside appinfo.dll

[ Windows ]  Windows Kernel-Mode Drivers written in Rust https://github.com/pravic/winapi-kmd-rs