[ Android ]  Apktool v2.1.0 Released http://connortumbleson.com/2016/03/27/apktool-v2-1-0-released/

[ Android ]  Setting up the new @ kalilinux #Nethunter 3.0 on a OnePlusOne is so straight-forward. Thanks guys! @ _binkybear https://github.com/offensive-security/nethunter-LRT

[ Attack ]  Btw, a year later @ bsdaemon provided a nice analysis of the initial vector at #TR12: https://www.troopers.de/media/filer_public/30/40/30403bef-bfbd-403d-9525-00272e67a22b/tr12_day01_branco_into_the_darkness.pdf [PDF]

[ Attack ]  Worth a re-read: https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

[ Attack ]  #Medicaid management information systems are increasingly vulnerable http://bddy.me/1MMETYf #infosec https://t.co/eccfBOZ12l

[ Debug ]  "WinDbg the easy way" http://www.debuginfo.com/articles/easywindbg.html

[ Fuzzing ]  The Fuzzing Project (eh16) http://cdn.media.ccc.de/events/eh2016/h264-sd/eh16-75-eng-The_Fuzzing_Project_sd.mp4

[ Fuzzing ]  I Can Haz Fuzz? Fuzzing OpenSSL for fun and profit: https://github.com/benlaurie/openssl/tree/fuzz/fuzz Send me patches!

[ Hardware ]  Cyber-attack on cars over CAN protocol : http://dn5.ljuska.org/cyber-attacks-on-vehicles-2.html ,vircar : https://github.com/dn5/vircar cc: @ dn5__

[ Industry News ]  Exploit derivatives: a way towards decentralized security rewards http://sirdarckcat.blogspot.com/2016/03/creating-decentralized-security-rewards.html

[ IoTDevice ]  3DS Code Injection through “Loader” http://yifan.lu/2016/03/28/3ds-code-injection-through-loader/ https://t.co/qbXYb1MQ7L

[ Linux ]  Improving Bash Forensics Capabilities http://ow.ly/3cU75z

[ Linux ]  Here’s the xnu/amd64 syscall path. Few interesting things: must use syscall instr, four types of valid syscalls. https://gist.github.com/yrp604/23e86dce9ca12bf514ef

[ Malware ]  POS Malware Tool ‘Treasurehunt’ Targets Small US-Based Banks, Retailers: https://threatpost.com/pos-malware-tool-treasurehunt-targets-small-us-based-banks-retailers/117014/ via @ threatpost

[ Malware ]  “道有道”的对抗之路 - http://blogs.360.cn/360mobile/2016/03/24/analysis_of_daoyoudao/

[ Malware ]  McAfee Labs Unlocks LeChiffre Ransomware https://blogs.mcafee.com/mcafee-labs/mcafee-labs-unlocks-lechiffre-ransomware/

[ Mitigation ]  My exploit for the Flash Isolated Heap http://googleprojectzero.blogspot.com/2016/03/life-after-isolated-heap.html

[ Others ]  影响所有Nexus手机的漏洞,浅析CVE-2015-1805 - https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fbobao.360.cn%2Flearning%2Fdetail%2F2810.html&edit-text=&act=url https://github.com/panyu6325/CVE-2015-1805

[ Others ]  How I Could Compromise 4% (Locked) Instagram Accounts https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/

[ Others ]  .@ martingalloAR on SAP archive file formats https://www.troopers.de/media/filer_public/60/07/60072443-f818-44b9-8a61-0d51cba18a35/sapcartalk-slides.pdf https://t.co/JsnogEFEV2

[ Others ]  FBI no longer needs Apple's help to crack encryption on terrorist's iPhone: https://threatpost.com/fbi-breaks-into-terrorists-encrypted-iphone/117043/

[ Pentest ]  HP printer exploitation tool, hijetter.exe source code & library from Phenoelit http://www.phenoelit.org/hp/download.html

[ Popular Software ]  Adobe Flash PCRE Regex Complication Logic Issue https://packetstormsecurity.com/files/136456/GS20160328155434.tgz

[ Popular Software ]  Patch me if you can : https://www.troopers.de/media/filer_public/6e/a1/6ea1f857-11b7-4823-b2a4-9de93213f0f6/troopers16_patch_me_if_you_can_final.pdf (Slides) cc: @ WEareTROOPERS

[ Programming ]  Build web application with Golang : https://astaxie.gitbooks.io/build-web-application-with-golang/content/en/preface.html (Free html book)

[ Sandbox ]  Detecting Wine via internal and legacy APIs http://www.hexacorn.com/blog/2016/03/27/detecting-wine-via-internal-and-legacy-apis/ #DFIR #malware

[ SecurityProduct ]  Attacking Next Generation Firewalls - Breaking PAN-OS : https://www.troopers.de/media/filer_public/a5/4d/a54da07e-3780-4f83-b4ac-8c620666a60a/paloalto_troopers.pdf (Slides*) cc: @ WEareTROOPERS || @ _fel1x

[ ThirdParty ]  [Bug Bounty] http://Uber.com 遠端代碼執行 - Remote Code Execution via Flask Jinja2 Template Injection http://blog.orange.tw/2016/03/bug-bounty-ubercom-ubercom-remote-code.html?m=1

[ ThirdParty ]  Shopping cart app @ ZenCart patched a handful of XSS bugs this month - http://ow.ly/100Wv3

[ Tools ]  Retargetable Decompiler Online https://retdec.com/decompilation/

[ Tools ]  New version of Message Analyzer - Microsoft's own, not wellknown, network traffic logging tool: https://www.microsoft.com/en-us/download/details.aspx?id=44226

[ Tools ]  How to Monitor Your External Network Using Shodan: http://buff.ly/1LLUfRR

[ Tools ]  Just released pysap v0.1.9 on GitHub https://github.com/CoreSecurity/pysap and PyPi https://pypi.python.org/pypi/pysap/!

[ Tools ]  Microsoft.Diagnostics.Runtime Had some time with this over the weekend. Very cool stuff here. https://github.com/Microsoft/dotnetsamples/tree/master/Microsoft.Diagnostics.Runtime/CLRMD

[ Tools ]  Toward Full Elasticity in Distributed Static Analysis http://research.microsoft.com/pubs/258715/tr.pdf

[ Web Security ]  Another full featured webshell with GIF header Sample on VT https://www.virustotal.com/en/file/34c929276d0376ba07bfaae1893c4a1211a50d2b766837dcc2fd292cd25b6284/analysis/ Source http://pastebin.com/FNruff4p https://t.co/LlYjZWCmNo

[ Windows ]  Some Windows Kernel Object Type from XP to 10 https://onedrive.live.com/redir?resid=A352EBC5934F0254%213231 https://t.co/Xcjq8mT3qi

[ Windows ]  Wrote up a post about tracking differences in a process heap manually and with Intel's Pin. http://www.codereversing.com/blog/archives/286 Happy holidays

[ Windows ]  TempRacer – Windows Privilege Escalation Tool http://www.darknet.org.uk/2016/03/tempracer-windows-privilege-escalation-tool/