[ Android ]  Signal is using docker and a custom apk signature verifier to do (mostly) reproducible builds : https://whispersystems.org/blog/reproducible-android/

[ Android ]  How to test for CVE-2016-2402 and similar certificate pinning flaws https://koz.io/pinning-cve-2016-2402/

[ Attack ]  #Unit42 analyst @ malware_traffic explains how the #ElTest campaign's path to Angler EK evolved over time http://bit.ly/25z9qnT

[ Attack ]  Why Hospitals Are the Perfect Targets for Ransomware http://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/ via @ WIRED

[ Attack ]  WordPress and Joomla users get hacked with fake jQuery https://blog.avast.com/wordpress-and-joomla-users-get-hacked-be-aware-of-fake-jquery

[ Browser ]  CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities http://www.onarlioglu.com/publications/ndss2016crossfire.pdf

[ Browser ]  Finally got around to finish the blog post about Chromium's process model - https://netsekure.org/2016/03/30/chromium-internals-process-model/.

[ Cloud ]  Slides from my Build session, "Building Resilient Services: Learning Lessons from Azure": https://onedrive.live.com/redir?resid=D026B4699190F1E6!2604&authkey=!AGgJt8z0FW6pZ0U&ithint=file%2cpptx https://t.co/F9BUl1su7T

[ Defend ]  Disrupt the Attack Chain: @ Rapid7's Approach to Incident Detection & Response [INFOGRAPHIC] https://www.rapid7.com/resources/infographics/rapid7-insightidr-disrupt-the-attack-chain.jsp https://t.co/HYxvAfOsYi

[ Detect ]  Save time & identify security alerts that matter. Read our eBook: http://bddy.me/1UEHVpC #DFIR #cybersecurity https://t.co/3z1OFxhpBt

[ Exploit ]  64-bit Linux Return-Oriented Programming : http://crypto.stanford.edu/~blynn/rop/

[ Exploit ]  Combining x86 and x64 shellcode for Linux https://odzhan.wordpress.com/2016/03/31/x64-shellcodes-linux/

[ Exploit ]  Understanding Process Memory (Win32) : https://drive.google.com/file/d/0B0tBYiOD2uG7SlI2YzdQbnRlbUk/view cc: @ k3170Makan

[ Fuzzing ]  I'm proud to announce a radically new version of AFL: http://lcamtuf.coredump.cx/afl/

[ Hardware ]  How To Build Your Own Rogue GSM BTS For Fun And Profit https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/

[ iOS ]  [Blog] You Down 'Wit XPC - http://www.lifeform-labs.com/blog/2016/3/31/you-down-wit-xpc #mobile #ios

[ iOS ]  . #SideStepper Allows for MiTM Between #iOS Devices, MDM Tools: https://threatpost.com/sidestepper-allows-for-mitm-between-ios-devices-mdm-tools/117103/ via @ threatpost

[ Linux ]  Have a Linux ext4 data corruption bug… "ext4 data corruption due to punch hole races" (some security implications). https://bugzilla.suse.com/show_bug.cgi?id=972174

[ Malware ]  New post: Tax Day Extortion: PowerWare Crypto-ransomware Targets Tax Files http://bit.ly/22RrydY @ TrendMicro

[ Malware ]  The evolution of Brazilian #Malware - https://kas.pr/aK46 #brazil https://t.co/thhhhPNs5S

[ Malware ]  More about #Petya Stage 1 decryptor: https://hshrzd.wordpress.com/2016/03/31/petya-key-decoder/ - tests in progress, any remarks welcome!

[ Malware ]  The Linux Remaiten malware is building a Botnet of IoT devices http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html

[ Malware ]  Top Exploit Kits Round Up | March Edition https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/03/top-exploit-kits-round-up-march-edition/

[ Malware ]  Fileless Infections: An Overview https://blog.malwarebytes.org/cybercrime/2016/03/fileless-infections-an-overview/

[ Mitigation ]  Code-Pointer Integrity http://dslab.epfl.ch/proj/cpi/

[ Others ]  [BLOG] Implementing a Custom Directive Handler in #Clang http://blog.quarkslab.com/implementing-a-custom-directive-handler-in-clang.html

[ Others ]  Lots of pre-auth command injections in Netgear products. Vendor was unresponsive after 90 days so released. https://www.blackhat.com/docs/asia-16/materials/asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf Slide 35

[ Others ]  Releasing "Bypassing Browser Security Policies For Fun And Profit" WhitePaper + Slides + Test Suite - http://goo.gl/0VsUG6 #SOP #BHASIA

[ Others ]  New Blogpost: https://blog.binaryedge.io/2016/03/31/security-of-a-country-portugal/ - Security of a country - Portugal

[ Pentest ]  Burp Tips/Tricks for Non-Webapp Testing - Part 1: Interception & Proxy Listeners : http://parsiya.net/blog/2016-03-27-burp-tips-and-tricks-for-non-webapp-testing---part-1-interception-and-proxy-listeners/ ,Part 2: http://parsiya.net/blog/2016-03-29-burp-tips-and-tricks-for-non-webapp-testing---part-2-history-intruder-scanner-and-more/

[ Pentest ]  RWSH (Ray's Web SHell) - A semi-interactive PHP web shell and Python client http://www.doyler.net/security-not-included/introducting-rwsh-rays-web-shell

[ Popular Software ]  Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web… http://goo.gl/fb/usGRzA #FullDisclosure

[ Sandbox ]  Subgraph's sandboxing Oz looks very promising: https://github.com/subgraph/oz you can sandbox arbitrary applications with seccomp and NS seperation

[ ThirdParty ]  Vulnerability Spotlight: Lhasa (LZH/LHA) Integer Underflow Exploit http://blogs.cisco.com/security/talos/vulnerability-spotlight-lhasa-integer-underflow-exploit

[ ThirdParty ]  Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability http://goo.gl/fb/7wIVj2 #FullDisclosure

[ Tools ]  Download all of Microsoft's patches and symbols with our new tool https://github.com/NorthBit/bulletin-scraper

[ Tools ]  Online tool to quickly find common rop gadgets in executables http://ropshell.com/

[ Tools ]  Our rupture tool implementing compression side-channel TLS attacks is now open source: https://ruptureit.com

[ Web Security ]  Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability http://goo.gl/fb/QQ5GaV #FullDisclosure

[ Windows ]  From Telemetry to Open Source: an Overview of Windows 10 Source Tree http://blog.ptsecurity.com/2016/03/from-telemetry-to-open-source-overview.html

[ Windows ]  Interesting CFG Improvements in Redstone 1 ("Windows Anniversary Update") https://t.co/P7suiVGg8B

[ Windows ]  Mind The Gap – Exploit Free Whitelisting Evasion Tactics https://www.insinuator.net/2016/03/mind-the-gap-exploit-free-whitelisting-evasion-tactics/

[ Windows ]  Run iOS Simulator inside Visual Studio on your PC. What is life even? #Build2016