[ Android ]  PowerSpy: Location Tracking using Mobile Device Power Analysis https://crypto.stanford.edu/powerspy/

[ Android ]  This week's #MobSec5: @ cdump's #FFmpeg bug, @ CopperheadSec finds Android UAF errors & more http://ow.ly/X3Sjz https://t.co/pZq0S2OQlJ

[ Android ]  diva-Android : (Intentionally) Damn Insecure and vulnerable App for Android : https://github.com/payatu/diva-android/ cc: @ aseemjakhar

[ Attack ]  #Hyatt discovers POS #malware at 250 hotels http://www.scmagazine.com/hyatt-discovers-malware-at-250-hotels/article/465560/ via @ TeriRnNY

[ Defend ]  New blog post: Using Intel SGX to harden password hashing https://jbp.io/2016/01/17/using-sgx-to-hash-passwords/

[ Exploit ]  Added "Intro to Windows kernel exploitation part 2" to @ WhitehattersA feat the @ HackSysTeam extremely vuln driver :D https://www.whitehatters.academy/intro-to-windows-kernel-exploitation-2-windows-drivers/

[ IoTDevice ]  Damn vulnerable router firmware : http://b1ack0wl.com/projects/2015/12/25/Damn-Vulnerable-Router-Firmware/

[ IoTDevice ]  UPC Ubee EVW3226 Fail : https://firefart.at/post/upc_ubee_fail/ cc: @ _FireFart_

[ Linux ]  All about Linux signals : http://www.linuxprogrammingblog.com/all-about-linux-signals?page=show

[ Mac OS X ]  Understanding OS X and iOS Code Signing to Hide Data : https://github.com/secretsquirrel/Shmoocon2016/blob/master/preso_shmoocon_2016.pdf (pdf)

[ Mac OS X ]  Source code release for my @ shmoocon talk with @ drraid , OSX VR and Why We wrote Our own Debugger. Check it out: https://github.com/blankwall/MacDBG

[ Malware ]  Dealing With Script Kiddies – Cryptear.B Incident : http://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.html

[ Network ]  HTTP Evasions Explained 10 - Lazy Browsers http://noxxi.de/research/http-evader-explained-10-lazy-browsers.html

[ Network ]  Building a UDP Scanner : http://bt3gl.github.io/black-hat-python-building-a-udp-scanner.html

[ Operating System ]  VxWorks Fuzzing 之道：VxWorks工控实时操作系统漏洞挖掘调试与利用揭秘 - http://blog.knownsec.com/2016/01/vxworks-real-time-operation-system-fuzzing/

[ Others ]  An introduction to Machine Learning : https://docs.google.com/presentation/d/1O6ozzZHHxGzU-McpvEG09hl7K6oQDd2Taw0FOlnxJc8/preview?slide=id.p

[ Others ]  WARP-CTC artificial intelligence • Baidu releases open source AI code https://thestack.com/world/2016/01/15/baidu-releases-open-source-ai-code/

[ Others ]  PoC || GTFO Issue 10 : http://n0k.r4n0k.com/pocorgtfo/pocorgtfo10.pdf (pdf - 58.4 Mb)

[ Others ]  Microsoft starts pushing Windows 10 to domain-joined PCs http://bit.ly/1ZmbGsM https://t.co/g0xKxwIEkV

[ Others ]  Genode - An in-depth look into the ARM virtualization extensions http://genode.org/documentation/articles/arm_virtualization

[ Pentest ]  Secret Pentesting Techniques Shhh... : http://www.trustedsec.com/files/BSIDESLV_Secret_Pentesting_Techniques.pdf (Slides)

[ Pentest ]  foolav : Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host : https://github.com/hvqzao/foolav

[ Programming ]  Free Programming Books : https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md

[ Tools ]  inih : Simple .INI file parser in C, good for embedded systems : https://github.com/benhoyt/inih

[ Tools ]  Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 … and a new network attack http://foxglovesecurity.com/2016/01/16/hot-potato/

[ Web Security ]  My Hash Is My Passport : Understanding Web and Mobile Authentication : http://www.darthnull.org/media/presentations/HashPassport-AuthMethods_ShmooCon_2016.pdf (Slides)