[ Android ]  Android Hacking: Dumping and Analyzing Application’s Memory http://resources.infosecinstitute.com/android-hacking-dumping-and-analyzing-applications-memory/

[ Android ]  Banking Trojan Outwits Google Verify Apps Scanner https://threatpost.com/banking-trojan-outwits-google-verify-apps-scanner/118142/

[ Attack ]  New Angler Campaign Hacks 19 Websites, including UltraVNC http://www.cyphort.com/angler-hacks-vnc/

[ Attack ]  Notorious Hacking Groups in mid 2016 http://marcoramilli.blogspot.com/2016/05/notorious-hacking-groups-in-mid-2016.html

[ Browser ]  New Blog Post + Quick Tool: Chrome History Parser http://sketchymoose.blogspot.co.uk/2016/05/chrome-history-parser-chp.html #DFIR Sorry its been a while peeps!

[ Browser ]  Most ES6, including Modules, are supported by latest Edge preview. All ES7 proposals too https://blogs.windows.com/msedgedev/2016/05/17/es6-modules-and-beyond/

[ Conference ]  Slides from Andrew Hay's Bootstrapping a Security Research Project talk at Hackmiami Conference 2016 https://speakerdeck.com/andrewsmhay/hack-miami-2016-bootstrapping-a-security-research-project #hackmiami

[ Crypto ]  Academics Make Theoretical Breakthrough in Random Number Generation #cryptography: https://threatpost.com/academics-make-theoretical-breakthrough-in-random-number-generation/118150/ via @ threatpost

[ Detect ]  Finding Advanced Malware Using Volatility : https://eforensicsmag.com/finding-advanced-malware-using-volatility/ cc: @ JPoForens || @ monnappa22 #b2b

[ Detect ]  Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation https://tuts4you.com/download.php?view.3668

[ Detect ]  Function Call Graph Score for Malware Detection http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1438&context=etd_projects

[ Forensics ]  Radically improved Volatility Framework plugin for recovering BitLocker encryption keys (FVEK): https://github.com/elceef/bitlocker #DFIR

[ Linux ]  Synchronization primitives in the Linux kernel (Part 5) - reader/writer semaphores: https://github.com/0xAX/linux-insides/blob/master/SyncPrim/sync-5.md //linux-insides cont'd cc @ 0xAX

[ Linux ]  rust.ko : A minimal Linux kernel module written in rust : https://github.com/tsgates/rust.ko

[ Linux ]  Major Remote SSH Security Issue in CoreOS Linux Alpha, Subset of Users Affected : https://coreos.com/blog/alpha-security-incident-subset-of-users-affected.html

[ Mac OS X ]  Ostiarius now compat w/ OS X 10.11.5: https://objective-see.com/products/ostiarius.html FYI; by design must reinstall after OS update (uses private OS X kern structs)

[ OpenSourceProject ]  A brand new #Magento 0-day! http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/

[ Popular Software ]  [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability http://goo.gl/fb/koLQvK #FullDisclosure

[ Popular Software ]  [ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer… http://goo.gl/fb/DoyzzG #FullDisclosure

[ Popular Software ]  A little explanation of an old heap overflow bug in Foxit Reader https://scoding.de/analsysis-of-a-heap-overflow-in-foxit-reader

[ ReverseEngineering ]  Introduction to x64 Assembly : https://software.intel.com/sites/default/files/m/d/4/1/d/8/Introduction_to_x64_Assembly.pdf (pdf)

[ SecurityProduct ]  Kernel memory corruption in Symantec/Norton antivirus, CVE-2016-2208 (more patches soon). https://bugs.chromium.org/p/project-zero/issues/detail?id=820 https://t.co/F22xDIelSU

[ Tools ]  GPU-Disasm - A GPU-based x86 Disassembler https://tuts4you.com/download.php?view.3665

[ Web Security ]  The Sleepy User Agent http://blog.cloudflare.com/the-sleepy-user-agent/

[ Web Security ]  A great list of some awesome bug bounty writeups: https://forum.bugcrowd.com/t/researcher-resources-bounty-bug-write-ups/1137

[ Web Security ]  Sleeping stored Google XSS Awakens a $5000 Bounty https://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/

[ Web Security ]  XSS Auditor Bypasses 05.2016 https://html5sec.org/xssauditor/bypasses-052016 (someone asked for PoC and test-case, here you are)

[ Web Security ]  How I bypassed Facebook CSRF Protection again ;) http://pouyadarabi.blogspot.com/2016/05/how-i-bypassed-facebook-csrf-in-2016.html https://t.co/qV7LDZJ6pR

[ Windows ]  [dos] - Microsoft Excel 2010 - Crash PoC: Microsoft Excel 2010 - Crash PoC http://bit.ly/1sjUOsY

[ Windows ]  A nice article about techniques behinds PolyHook, a Capstone-powered hooking engine to replace Microsoft Detours. http://www.codeproject.com/Articles/1100579/PolyHook-The-Cplusplus-x-x-Hooking-Library

[ Windows ]  Windows gdi32.dll heap-based buffer overflow in ExtEscape() triggerable via EMR_EXTESCAPE EMF record https://bugs.chromium.org/p/project-zero/issues/detail?id=731