[ Android ]  Just released dex-oracle, an Android deobfuscation tool: https://github.com/CalebFenton/dex-oracle

[ Android ]  Dex Education: Practicing Safe Dex http://www.strazzere.com/papers/DexEducation-PracticingSafeDex.pdf by @ timstrazz

[ Android ]  Today's #Android Nexus Security Bulletin patches a critical vulnerability in #Mediaserver - http://ow.ly/WC8nB

[ Browser ]  Firefox's blacklist of GPU drivers and related bugs, useful if you're fuzzing/researching WebGL: https://hg.mozilla.org/mozilla-central/file/tip/widget/windows/GfxInfo.cpp#l817

[ Debug ]  Debugging Early Boot Stages of Windows http://standa-note.blogspot.com.es/2014/11/debugging-early-boot-stages-of-windows.html

[ Defend ]  NCC Group Blog: Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/january/phishing-mitigations-configuring-microsoft-exchange-to-clearly-identify-external-emails/

[ Malware ]  Radamant Ransomware distributed via Rig EK http://www.cyphort.com/radamant-ransomware-distributed-via-rig-ek/

[ Mitigation ]  My analysis of the lib injection mitigation of #Edge: http://www.sekoia.fr/blog/microsoft-edge-binary-injection-mitigation-overview/ & source code of the tools mentioned: https://github.com/SekoiaLab/BinaryInjectionMitigation

[ Network ]  HTTPS Bicycle Attack https://guidovranken.wordpress.com/2015/12/30/https-bicycle-attack/

[ Network ]  Linode data centers targeted with #DDoS attacks http://www.scmagazine.com/cloud-hosting-company-linode-sees-service-interruptions-for-ddos-attacks/article/462535/ (@ TeriRnNY)

[ Network ]  Testing for DNS recursion and avoiding being part of DNS amplification attacks, (Mon, Jan 4th) https://isc.sans.edu/diary.html?storyid=20567&rss

[ Others ]  Timing side-channel in ECDSA signature verification http://www.openwall.com/lists/oss-security/2016/01/03/3

[ Others ]  US-Cert Bulletin (SB16-004) Vulnerability Summary for the Week https://www.us-cert.gov/ncas/bulletins/SB16-004

[ Others ]  New blog post: #threatintel technology and tradecraft in 2015 >>> http://www.cyintanalysis.com/intelligence-technology-and-tradecraft-in-2015/. Enjoy!

[ Others ]  New blog post "XOR Known-Plaintext Attack" http://blog.didierstevens.com/2016/01/01/xor-known-plaintext-attack/

[ Others ]  Large Scale Authorship Attribution from Executable Binaries of Compiled Code ~ by: Aylin Caliskan-Islam @ 32nd CCC http://m.theregister.co.uk/2015/12/31/automated_stylometry_can_deanonymise_programmers_binaries/

[ Pentest ]  Phpsploit - Stealth Post-Exploitation Framework http://fuhs.eu/s74

[ Popular Software ]  Ganeti vulnerabilities allowing to take over VMs remotely https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html CVE-2015-7944 CVE-2015-7945 #DoS #infoleak #DRBD

[ Tools ]  Part 3 of #Unit42 series on how to use IDAPython to make your life easier. http://bit.ly/1PG84z9 @ jgrunzweig @ Unit42_Intel

[ Tools ]  Wrote a DXE driver for taking screenshots from UEFI apps (aimed for non-ugly Setup shots) and a blog post about it. https://github.com/NikolajSchlej/CrScreenshotDxe

[ Web Security ]  Exploiting Server Side Request Forgery on a Node/Express Application (hosted on Amazon EC2) http://sethsec.blogspot.com/2015/12/exploiting-server-side-request-forgery.html

[ Web Security ]  On The Design and Implementation of a Stealth Backdoor for Web Applications https://paragonie.com/blog/2016/01/on-design-and-implementation-stealth-backdoor-for-web-applications

[ Windows ]  Cracking Kerberos Tickets (Kerberoast) – Exploiting Kerberos to Compromise #ActiveDirectory: https://adsecurity.org/?p=2293 https://t.co/2MjOb5DCSE

[ Windows ]  Attack Methods for Gaining Domain Admin Rights in Active Directory https://adsecurity.org/?p=2362