[ Android ]  Autopwn every Android device on your network using BetterCap and the "addJavascriptInterface" vulnerability. http://www.evilsocket.net/2016/01/18/autopwn-every-android-device-on-your-network-using-bettercap-the-and-addjavascriptinterface-vulnerability/

[ Android ]  Android Xposed Module to bypass SSL certificate validation (Certificate Pinning) - https://github.com/ac-pm/SSLUnpinning_Xposed

[ Android ]  Targeted Mobile Implants in the Age of Cyber-Espionage https://kas.pr/tbn4 by @ dimitribest

[ Android ]  Mobile Security News Update January 2016 https://www.mulliner.org/blog/blosxom.cgi/security/mobile_security_news_update_January2016.html #theyearjuststarted

[ Attack ]  Malicious Code Analysis on Ukraine's Power Grid Incident : http://blog.knownsec.com/wp-content/uploads/2016/01/Malicious-Code-Analysis-on-Ukraines-Power-Grid-Incident-L150113.pdf (pdf)

[ Attack ]  Attack against Ukrainian airport's network may be linked to power grid malware, say authorities http://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0

[ Browser ]  List of chrome protocol handlers extracted from Google Chrome source code https://gist.github.com/ethicalhack3r/ed3c628e684d9817d28c

[ Cloud ]  Security Vulnerabilities in Cloud Application http://goo.gl/9Hl3qq #CloudComputing #ApplicationSecurity #NetworkSecurity #Vulnerabilities

[ Crypto ]  Crypto trivia: constructing the Dual EC backdoor (http://vnhacker.blogspot.com/2016/01/constructing-dual-ec-backdoor.html) and exploiting the math bug in Go (http://vnhacker.blogspot.com/2016/01/exploiting-mathrsa-bug-in-go.html)

[ Hardware ]  Insecure by Design: Using Human Interface Devices to exploit SCADA systems https://www.researchgate.net/profile/Leandros_Maglaras/publication/279178281_Insecure_by_Design_Using_Human_Interface_Devices_to_exploit_SCADA_systems/links/558c33ac08ae40781c204141.pdf

[ Hardware ]  Chameleon : Emulates Contactless Smart Cards ,read RFID tags and sniff RF data : https://github.com/skuep/ChameleonMini https://t.co/5ghUJXADqr

[ Hardware ]  August Smart Lock Teardown https://medium.com/@ use_ruki/august-teardown-6274a7858338#.wpgqumxhr

[ Others ]  Obfuscated RCE backdoor via IRC in alternate blockchains lucky7coin and torcoin https://github.com/alerj78/lucky7coin/issues/1

[ Pentest ]  CrisPY : A exploiter kit written in python w/ various latest exploits and tools written in python,perl,bash : https://github.com/ChaitanyaHaritash/CrisPY

[ Tools ]  Fast Incident Response: a cybersecurity incident management platform https://github.com/certsocietegenerale/FIR

[ Tools ]  Tracking Hacked Websites using Shodan: http://buff.ly/1Qhzu0k

[ Tools ]  JReFrameworker : A practical tool for creating Managed Code Rootkits (MCRs) in the Java Runtime Environment : https://github.com/benjholla/JReFrameworker

[ Tools ]  DbDat - Database Assessment Tool (also a framework for creating additional database checks) https://github.com/foospidy/DbDat

[ Tools ]  GUEB - Static analyzer of Use-After-Free on binary : https://github.com/montyly/gueb

[ Tools ]  New blog post: Creating an automated sandbox on the fly with Noriben #DFIR #Malware http://www.ghettoforensics.com/2016/01/creating-malware-sandbox-in-seconds.html

[ Vulnerability ]  Analysis of sys_dynlib_prepare_dlclose PS4 kernel heap overflow http://cturt.github.io/dlclose-overflow.html

[ Vulnerability ]  payatu/CVE-2015-6086 - HTML - GitHub http://gettopical.com/github/c2b8ecea7528b9726ed760ad2b729598?src=twitter via @ HackSysTeam

[ Web Security ]  Yahoo Mail stored XSS could compromise email accounts ($10k #bugbounty). Proof of concept JS virus https://klikki.fi/adv/yahoo.html

[ Web Security ]  Creating your Own Simple Exploit Module for a Remote Code Execution in Web Apps http://goo.gl/PxJjix #PenetrationTesting #AccessControl

[ Windows ]  Microsoft security bulletin is clearly high on DLL hijacking bugs these days. Here is my research from 2012: http://2012.zeronights.org/includes/docs/Esage.pdf