[ Android ]  File-encrypting #Android #ransomware strikes as adult applications http://b0n1.blogspot.com/2016/03/file-encoder-android-ransomware-adult-applications.html #malware https://t.co/UIfNVDYvea

[ Android ]  Millions Of Android Devices Vulnerable To Stagefright https://packetstormsecurity.com/news/view/26435/Millions-Of-Android-Devices-Vulnerable-To-Stagefright.html

[ Attack ]  Suckfly: Revealing the secret life of your code signing certificates http://www.symantec.com/connect/ko/blogs/suckfly-revealing-secret-life-your-code-signing-certificates

[ Browser ]  An incredibly long & boring analysis of an Edge use-after-free bug that's neither a security issue nor exploitable: http://blog.skylined.nl/20160316001.html

[ Browser ]  Bypassing SOP and shouting hello before you cross the pond http://labs.detectify.com/2016/03/17/bypassing-sop-and-shouting-hello-before-you-cross-the-pond/ #sopbypass #cve20153755 #poc

[ Browser ]  Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks https://mazinahmed.net/uploads/Bypassing%20NoScript%20Security%20Suite%20Using%20Cross-Site%20Scripting%20and%20MITM%20Attacks.pdf

[ Browser ]  Seek and Destroy Non-Secure References Using the moarTLS Analyzer https://textplain.wordpress.com/2016/03/17/seek-and-destroy-non-secure-references-using-the-moartls-analyzer/ https://t.co/zOfl34NKIH

[ Defend ]  McAfee Uses Web Beacons That Can Be Used To Track Users,Serve Advertising : https://duo.com/assets/pdf/bring-your-own-dilemma.pdf (pdf)

[ Defend ]  Guidance to avoiding vulnerabilities in programming languages http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2018.pdf

[ Detect ]  Wondering if adversaries are scanning and abusing TR-069, here is a TR-069 honeypot https://github.com/omererdem/honeything

[ Fuzzing ]  NextGen is a new Capstone-dependent genetic fuzzer for Unix file, syscall & network! https://github.com/2trill2spill/nextgen

[ Industry News ]  [White Paper] If you don’t have cyber insurance, here’s why you should http://bddy.me/2571udi #infosec https://t.co/yTmjt2AkFr

[ iOS ]  Ha, has this Android Trojan paid any royalty fee to Apple for its app name and icon? http://blog.avlyun.com/2016/03/2849/maliciousappstore/ https://t.co/mQXKDkNEJU

[ iOS ]  code signing is a pain? just use https://github.com/kpwn/921csbypass!

[ iOS ]  Who’s Breaking into Your Garden : iOS and OS X Malware You May or May Not Know : https://github.com/secmobi/slides/blob/master/2016.AppleMalware_BsidesSF.pdf (pdf) cc: @ claud_xiao

[ Mac OS X ]  Presentation Update: Analysis and Correlation of Mac Logs http://www.mac4n6.com/blog/2016/3/17/cypwviye6np7113k5yghbt3ds8sz7l #DFIR #mac4n6

[ Malware ]  Nemucod Adds Ransomware Routine | Fortinet Blog http://ow.ly/ZAxjl

[ Others ]  @ HackSysTeam We do, @ Zerodium acquires VM guest-to-host escapes (VMware, VirtualBox, etc) for $50,000. See: https://www.zerodium.com/program.html

[ Others ]  Microsoft adds new OneDrive Bounty Program at http://bit.ly/21y9Q9n. Submissions accepted at secure@ microsoft.com.

[ Others ]  PoC||GTFO 0x11 is now available on the EU mirror over SSL and #IPv6 freshly minted by @ travisgoodspeed at #TR16! https://www.alchemistowl.org/pocorgtfo/

[ Others ]  #Pwn2Own 2016 Awards: Master of Pwn Tencent Security Team Sniper (KeenLab and PC Manager). https://t.co/bxgbfk3a60

[ Others ]  Advanced Testing with Go by @ mitchellh https://speakerdeck.com/mitchellh/advanced-testing-with-go #golang

[ Others ]  Cve-2016-0040 semi poc https://github.com/Rootkitsmm/cve-2016-0040/blob/master/poc.cc , local privilege escalating

[ Others ]  Complete Tour of PE and ELF: Part 2 http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-2/

[ Pentest ]  I Have the Power(View) - PowerView & offensive Active Directory enumeration tool written in PowerShell: http://www.slideshare.net/harmj0y/i-have-the-powerview cc: @ harmj0y

[ Pentest ]  Abusing GPO Permissions http://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/

[ Popular Software ]  If you haven't already, patch your Ruby on Rails (CVE-2016-2098): https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ ( exploit: /?id[inline]=<%25_ruby_code_%25> )

[ Popular Software ]  Adobe Flash op_pushwith Incorrect Jit Optimization https://packetstormsecurity.com/files/136264/GS20160317052509.tgz

[ Sandbox ]  Sandboxing: Aid in Digital Forensic Research https://www.researchgate.net/profile/Asif_Iqbal40/publication/283349465_Sandboxing_Aid_in_Digital_Forensic_Research/links/56361c4f08ae75884114de70.pdf

[ ThreatIntelligence ]  Here’s the slides from my “Passive Intel Gathering and Analytics w/ Just-Metadata” talk at @ WEareTROOPERS #TR16 - http://www.slideshare.net/CTruncer/passive-intelligence-gathering-and-analytics-its-all-just-metadata

[ Tools ]  SHIPS – Centralized Password Management for Linux & Windows. https://www.trustedsec.com/january-2015/introducing-ships-centralized-local-password-management-windows/

[ Tools ]  OpenSGX: An Open Platform for SGX Research https://github.com/sslab-gatech/opensgx http://ina.kaist.ac.kr/~dongsuh/paper/opensgx.pdf https://github.com/sslab-gatech/opensgx/blob/master/Opensgx_tutorial_v1.pdf https://t.co/0vVRHyIeHE

[ Tools ]  New Security Tool: Enteletaor - Broker & MQ Injection tool http://goo.gl/fb/6wo2gx #FullDisclosure

[ Tools ]  WinDBG Anti-RootKit Extension v1.5 released http://sww-it.ru/2015-02-15/1242#.VuXglsjs4Ig.twitter

[ Virtualization ]  Introducing SimpleVisor: an Intel x64 Windows-specific hypervisor with less than 10 lines of assembly. Learn more at http://ionescu007.github.io/SimpleVisor/

[ Web Security ]  WordPress Bulletproof Security Plugin Multiple Cross Site Scripting… http://goo.gl/fb/y0jPDI #FullDisclosure