[ Browser ]  Safari's URL redirection XSS(CVE-2016-4585) by Takeshi Terada http://www.mbsd.jp/blog/20160921.html (日本語) http://www.mbsd.jp/blog/20160921_2.html (English)

[ Debug ]  hack.lu agenda online https://2016.hack.lu/agenda/ @ hack_lu

[ iOS ]  Lists of available trusted root certificates in iOS - Apple Support (see also for OS X: https://support.apple.com/en-us/HT202858) https://support.apple.com/en-us/HT204132

[ Linux ]  @ marcograss You can check my study on the Linux kernel. https://github.com/munmap/Linux-Kernel-Bugs-DB/blob/master/bugs.json https://twitter.com/munmap/status/513429121888968704 The paper is in Bulgarian though.

[ macOS ]  ZDI-16-522: Apple OS X IOThunderboltFamily Uninitialized Memory Privilege Escalation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-522/

[ macOS ]  ZDI-16-521: Apple OS X AppleHSSPIHIDDriver Buffer Overflow Privilege Escalation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-521/

[ macOS ]  MacOS Sierra Kernel Panic with Razer Mouse https://xorcat.net/2016/09/21/macos-sierra-kernel-panic-with-razer-mouse/

[ Malware ]  Our #USENIX paper "A Comprehensive Measurement Study of Domain Generating Malware" is now acessible #DGArchive https://t.co/wPcsx866ea

[ Mitigation ]  Pretty cool stuff by my colleagues Bing & Chong to bypass CFG via JIT in WARP Shader, presented @ XCON 2016. https://sites.google.com/site/bingsunsec/WARPJIT/JIT%20Spraying%20Never%20Dies%20-%20Bypass%20CFG%20By%20Leveraging%20WARP%20Shader%20JIT%20Spraying.pdf.

[ Others ]  Experimental Intel SGX virtualisation patches for KVM and Xen released: https://01.org/intel-software-guard-extensions/sgx-virtualization

[ Popular Software ]  More Hacking SQL Servers Without a Password (with cool Python script) : https://blog.anitian.com/hacking-sql-servers-without-password/

[ Tools ]  IDA Pro plugin to do symbolic execution in one click that @ francisco_oca and myself presented at #IDA plugin contest https://research.trust.salesforce.com/Introducing-Ponce-One-click-symbolic-execution/

[ Tools ]  NetRipper : Smart traffic sniffing for penetration testers : https://github.com/NytroRST/NetRipper cc @ NytroRST

[ Virtualization ]  Cappsule : Open Source hypervisor to sandbox apps : https://cappsule.github.io/ , Video : https://cappsule.github.io/data/cappsule-desktop.webm

[ Web Security ]  The SSRF vulnerability. Port scanning, RFI and of course, a shell! http://resources.infosecinstitute.com/the-ssrf-vulnerability/ #ssrf

[ Windows ]  COM Scriptlet RAT Prototype - SCRAT https://gist.github.com/subTee/e68729aef14cca04eab3a981bfff3d3c Execute 4 commands, sends back base64 encoded output to url. C U @ DerbyCon ;-)

[ WirelessSecurity ]  Replay Attack – Doorbell http://drwxr.org/2016/09/replay-attack-doorbell/ #SDR #Hacking https://t.co/YemRcOlKXS

[ WirelessSecurity ]  Digital Ding Dong Ditch – Hacking wireless doorbells with Arduino and RTL-SDR http://samy.pl/dingdong/ #SDR #Hacking https://t.co/a256jLz3kv