[ Android ]  Announcing cargo-apk - cross compiling to android just got significantly easier! https://users.rust-lang.org/t/announcing-cargo-apk/5501

[ Attack ]  Lottery security director hacked random-number generator to rig lotteries http://securityaffairs.co/wordpress/46400/cyber-crime/security-director-hacked-lottery.html

[ Browser ]  Using a Braun Shaver to Bypass XSS Audit and WAF https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify

[ Debug ]  PwnDbg by @ ebeip90 is now using Unicorn inside for code emulation! https://github.com/zachriggle/pwndbg

[ Detect ]  MIT builds Artificial Intelligence system that can detect 85% of Cyber Attacks ~ http://thehackernews.com/2016/04/artificial-intelligence-cyber-security.html #Security

[ Detect ]  Another interesting #malware tracker: http://tracker.h3x.eu/

[ Detect ]  Blocking #ransomware POC using mini-filter driver & honeyTokens https://github.com/ofercas/ransomware_begone

[ Fuzzing ]  PyExZ3 - symbolic execution engine for Python, now using the Z3 theorem prover https://github.com/thomasjball/PyExZ3/ Paper http://research.microsoft.com/pubs/233035/dse.pdf

[ IoTDevice ]  Jailbreaking the Microsoft fitness band http://www.b0n0n.com/2016/04/20/ms-jailbreak/

[ Mac OS X ]  Happy 4/20! New tool aims for generic ransomware detection: https://objective-see.com/products/ransomwhere.html. In-depth technical/R&D details: https://objective-see.com/blog/blog_0x0F.html

[ Malware ]  Dissecting a spammer’s spam script, spammers abuse known flaws https://jelleraaijmakers.nl/2016/04/dissecting-spammers-spam-script

[ Malware ]  Writeup on TeslaCrypt Propagation, Evasion, Encryption, and Persistence Techniques https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain

[ Malware ]  Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries http://blog.talosintel.com/2016/04/nuclear-exposed.html

[ Malware ]  Ransomware Overview : Names, extensions, patterns, decryptors list along w/ screenshots : https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/edit#gid=0

[ Malware ]  Nemucod meets 7-Zip to launch #ransomware attacks: https://rqt.io/1i https://t.co/bb7phL63cT

[ Malware ]  PoS Malware Steals Credit Card Numbers via DNS Requests http://ow.ly/4mU5kZ

[ Malware ]  New Thanatos Trojan Can Delete Competing Malware from the Infected Target http://news.softpedia.com/news/new-thanatos-trojan-can-delete-competing-malware-from-the-infected-target-503163.shtml

[ Others ]  Using the National Vulnerability Database to Reveal Trends - A guest blog by @ realinfosec: https://community.rapid7.com/community/infosec/blog/2016/04/20/using-the-national-vunerability-database-to-reveal-vulnerability-trends-over-time https://t.co/PmjYZx0gbw

[ Others ]  Viber adds End-to-End Encryption and PIN protected Hidden Chats features http://ow.ly/4mSW2i

[ Others ]  Emulating a USB Mouse with mbed to Cheat at CookieClicker · http://jcjc-dev.com/2014/01/10/emulating-a-USB-mouse-with-mbed-to-cheat-at-cookieclicker/

[ Others ]  136 vulns patched in Oracle update. Remote exec across product line: JVM, Java SE, database, core middleware, ERP… http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

[ Others ]  Secure boot checkup utility - http://apps.insyde.com/sbutil.html plus an interesting base intro on uefi and secure boot

[ Others ]  ARM Architecture Reference Manual : https://www.scss.tcd.ie/~waldroj/3d1/arm_arm.pdf (pdf)

[ Others ]  Build Your Own Botnet : https://www.sans.org/reading-room/whitepapers/threats/byob-build-botnet-33729 (pdf)

[ Others ]  Understanding and Hardening Linux Containers by @ NCCGroupInfosec https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf/ (122 pages of container security)

[ Others ]  How I hunted the most odd ruby bug : http://blog.arkency.com/2016/04/how-i-hunted-the-most-odd-ruby-bug/

[ Pentest ]  My pentesting war story from @ NCCGroupplc #NCCcon to get domain creds from @ albinowax web app Excel export tricks http://www.exploresecurity.com/from-csv-to-cmd-to-qwerty/

[ Popular Software ]  Oracle OIT Image Export SDK libvs_pdf XRef Index Code Execution Vulnerability http://blog.talosintel.com/2016/04/oracle-oit-image-export-sdk-libvspdf.html

[ ReverseEngineering ]  Reversing a Finite Field Multiplication Optimization http://blog.quarkslab.com/reversing-a-finite-field-multiplication-optimization.html

[ SecurityProduct ]  Symantec Messaging Gateway Flaws Let Local Users Obtain and Decrypt Passwords and Execute Arbitrary Shell Commands.. http://www.securitytracker.com/id/1035609

[ Tools ]  TLS-Attacker : A Java-based framework for analyzing TLS libraries : https://github.com/RUB-NDS/TLS-Attacker

[ Tools ]  sk3wldbg : Debugger plugin for IDA Pro backed by the Unicorn Engine : https://github.com/cseagle/sk3wldbg

[ Windows ]  Windows Kernel DrawMenuBarTemp Wild Write https://packetstormsecurity.com/files/136738/GS20160419233516.tgz

[ Windows ]  Blog @ sjenninglinux "Running Fedora on Windows 10 using WSL" https://www.variantweb.net/blog/running-fedora-on-windows-10-using-wsl/ https://youtu.be/YHfQgEuMzfI

[ Windows ]  Looking Caves in Windows Executables http://marcoramilli.blogspot.com/2016/04/looking-caves-in-windows-executables.html