[ Android ]  First post in the new zero-to-TrustZone series is up! Exploring QSEE - Qualcomm's Secure Execution Environment. http://bits-please.blogspot.com/2016/04/exploring-qualcomms-secure-execution.html

[ Attack ]  The hacker group Armada Collective, is threatening VPN providers with DDOS attacks http://www.digitaltrends.com/computing/blackvpn-armada-collective-ddos-threats-ransom-demands/ via @ DigitalTrends

[ Attack ]  Our latest blog digs deep into the PLATINUM APT group: http://ow.ly/4n5SNc

[ Attack ]  Forcepoint Security Labs Publishes 2016 Global Threat Report: Forcepoint™ Security Labs™… http://j.mp/1SHopFF https://t.co/zl4z4ERFwt

[ Attack ]  2016 VZN data breach report is out. Top hits: old bugs, outdated Flash, unpatched Joomla/Wordpress 3rd party plugins http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_Insiders_en_xg.pdf

[ Attack ]  Time Is Money: GozNym Launches Redirection Attacks in Poland http://ow.ly/4n7cF6

[ Challenges ]  H5SC Mini-Challenge "XSS Metaphor" 5 - The Write-Up https://github.com/cure53/XSSChallengeWiki/wiki/H5SC-Mini-Challenge-5 #beta

[ Debug ]  Debugging memory corruption : http://blogs.unity3d.com/2016/04/25/debugging-memory-corruption-who-the-hell-writes-2-into-my-stack-2/ https://t.co/4auyvnA7ad

[ Forensics ]  Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response http://www.darknet.org.uk/2016/04/google-rapid-response-grr-remote-live-forensics-for-incident-response/

[ Fuzzing ]  Fuzzing Language Interpreters Using Regression Tests http://sean.heelan.ie/2016/04/26/fuzzing-language-interpreters-using-regression-tests/

[ Hardware ]  Malware and non-malware ways for #ATM #jackpotting https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/

[ Hardware ]  Roundup of community-backed x86 hacker SBCs http://hackerboards.com/roundup-of-x86-hacker-sbcs/

[ Linux ]  New Linux random number generator is coming http://www.chronox.de/lrng/doc/lrng.pdf According to comments https://news.ycombinator.com/item?id=11561340 it's crap.

[ Linux ]  UAF in Linux kernel 4.4 if "unprivileged_bpf_disabled" is not set (default): http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 grsec still requires CAP_SYS_ADMIN

[ Mac OS X ]  MISTool:query #iOS libmis(#signature/profile validation)+reversed #headers. http://newosxbook.com/tools/mistool.html open src #MOXiI https://t.co/Rq0MIgpGOn

[ Malware ]  How #Ransomware and Malware use Microsoft Windows’ Known Binaries | Check Point Blog http://blog.checkpoint.com/2016/04/26/how-ransomware-and-malware-use-microsoft-windows-known-binaries/

[ Malware ]  Ransomware in your inbox: the rise of malicious JavaScript attachments http://feedproxy.google.com/~r/nakedsecurity/~3/0ViimWsBitQ/

[ Malware ]  Uncovering a ransomware distribution operation (Part 2 ) : https://reaqta.com/2016/04/uncovering-ransomware-distribution-operation-part-2/ , Part 1 : https://reaqta.com/2016/04/uncovering-a-ransomware-distribution-operation/

[ Malware ]  #CIH Virus aka #Chernobyl source code https://github.com/onx/CIH

[ Malware ]  New Decryptor Unlocks CryptXXX Ransomware https://threatpost.com/new-decryptor-unlocks-cryptxxx-ransomware/117668/

[ Others ]  Breaking #Steam client crypto with padding oracle attacks https://steamdb.info/blog/breaking-steam-client-cryptography/

[ Others ]  A vendor perspective on crowd sourced penetration tests: https://blogs.adobe.com/security/2016/04/a-vendor-perspective-on-crowd-sourced-penetration-tests.html via @ peleusuhley

[ Others ]  Great writeup of the Tor deanonymization tool used by the FBI. Similar to Metasploit Decloak, but different codebase https://twitter.com/csoghoian/status/725066035427201025

[ Others ]  Metamorphic Code Generator based on bytecode of LLVM IR http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1437&context=etd_projects

[ Others ]  @ fdfalcon FYI: we discussed precisely this bug type in our 2009 "Attacking Interoperability" paper: http://hustlelabs.com/stuff/bh2009_dowd_smith_dewey.pdf (~pg 67)

[ Others ]  My brief notes on "Automatic generation of hybrid data structure signatures from binary code executions": http://argp.github.io/2016/04/26/artiste/

[ ReverseEngineering ]  Defusing a binary bomb with gdb (Part 4) : http://blog.carlosgaldino.com/2016/04/25/defusing-a-binary-bomb-with-gdb-part-4.html , Part 3 : http://blog.carlosgaldino.com/2015/12/03/defusing-a-binary-bomb-with-gdb-part-3.html, Part 2 : http://blog.carlosgaldino.com/2015/11/19/defusing-a-binary-bomb-with-gdb-part-2.html

[ SecurityProduct ]  How a spamfilter can help you to drop a shell https://forsec.nl/2016/04/how-a-spamfilter-can-help-you-phish/

[ Tools ]  Anti-Sandbox and Anti-Virtual Machine Tool, Sems https://goo.gl/mjDD8z

[ Tools ]  Writing a dynamic x86_64 assembler in Scala : https://github.com/guillaumebort/scasm

[ Virtualization ]  Hypervisor Top Level Functional Specification v4.0 on github - https://github.com/Microsoft/Virtualization-Documentation/blob/master/tlfs/Hypervisor%20Top%20Level%20Functional%20Specification%20v4.0.pdf read as hyper-v top-level internals documented

[ Web Security ]  Trend Micro (Account) - Email Spoofing Web Vulnerability http://goo.gl/fb/XK6mrK #FullDisclosure

[ Windows ]  Now published: PowerShell Remoting Security Considerations - https://msdn.microsoft.com/en-us/powershell/scripting/topic/winrmsecurity

[ Windows ]  The side effect of removing the VDM by default on Windows 8 to solve the kernel NPD problem, Session 0 access :-) https://bugs.chromium.org/p/project-zero/issues/detail?id=692