[ Android ]  Android N's cert pinning API is easy-to-implement & flexible. Works with custom certs. https://developer.android.com/preview/features/security-config.html https://t.co/dDrjG8Sxxd

[ Android ]  Android Qualcomm Vulnerability Impacts 60 Percent of Devices: https://threatpost.com/android-qualcomm-vulnerability-impacts-60-percent-of-devices/118191/ via @ threatpost

[ Browser ]  Audio, Battery, WebRTC APIs in HTML5 are all being abused by third-party scripts for fingerprinting : https://webtransparency.cs.princeton.edu/webcensus/index.html#fp-results

[ Browser ]  ZDI-16-338: Microsoft Edge JavaScript shift Method Uninitialized Memory Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-338/

[ Browser ]  ZDI-16-342: (Pwn2Own) Apple Safari TextTrack Object Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-342/

[ Crypto ]  Gmail Disabling RC4 and SSLv3 SMTP Support https://cryptosense.com/gmail-disabling-rc4-and-sslv3-smtp-support/

[ Crypto ]  Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS https://github.com/nonce-disrespect/nonce-disrespect

[ Debug ]  Detecting KMDs with a single instruction http://www.anti-reversing.com/detecting-kmds-with-a-single-instruction/

[ Detect ]  Hunting rootkits with Windbg v1.1 : http://www.reconstructer.org/papers/Hunting%20rootkits%20with%20Windbg.pdf (pdf) #b2b

[ Mac OS X ]  ZDI-16-345: (Pwn2Own) Apple OS X IntelAccelerator Out-Of-Bounds Indexing Privilege Escalation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-345/

[ Mac OS X ]  ZDI-16-347: Apple OS X IOAudioFamily Buffer Overflow Privilege Escalation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-347/

[ Malware ]  document.getMalwareByLanguage ('JavaScript') http://www.crestandiisp.com/wp-content/uploads/2016/03/ThomasLancasterandChrisDoman.pdf

[ Network ]  Our (Silke Holtmanns, me & @ i_j_oliver ) on location tracking in LTE is available now at http://tinyurl.com/iwfslides) & http://tinyurl.com/iwfpaper.

[ Network ]  Anothr cool thesis, by @ anantary: Security Implications of the MLD Protocol in IPv6 Networks https://www.its.fh-muenster.de/doc/Security_Implications_of_MLD_in_IPv6_Networks.pdf (supervisor @ seecurity)

[ Obfuscation ]  X86 Shellcode Obfuscation (Part 2) : https://breakdev.org/x86-shellcode-obfuscation-part-2/ , Part 1 : https://breakdev.org/x86-shellcode-obfuscation-part-1/

[ Others ]  @ spacerog @ wr0 @ WeldPond The slides are available at https://mchow01.github.io/docs/source2016.pdf

[ Others ]  Japanese Docomo makes its smartphone covertly trackable http://securityaffairs.co/wordpress/47476/mobile-2/docomo-trackable-devices.html

[ Others ]  automatically classifying integer overflows as harmful or benign http://dl.acm.org/citation.cfm?id=2884820

[ Others ]  Vote! Finalists of European Security Blogger Awards 2016 https://www.surveymonkey.com/r/secbloggerwards2016

[ Pentest ]  Client-side WarGames - my talk at @ HackInBo 2016 in Bologna. Slides online: http://www.hackinbo.it/wp-content/uploads/2016/05/HackInBO_2016_Orru.pdf Video soon on https://www.youtube.com/channel/UCu6uzKY7A5jQCx9yHUL_vfQ

[ Virtualization ]  #Docker for Mac and Windows introduces new #opensource components: #HyperKit, #DataKit and #VPNKit https://blog.docker.com/2016/05/docker-unikernels-open-source/ via @ docker

[ Windows ]  Nice paper on correlating the UsnJrnl, LogFile, and MFT: http://rp.delaat.net/2015-2016/p18/report.pdf

[ Windows ]  [Blog Post] To Disarm Device Guard - Bring a Debugger to the Fight. Proof Of Concept http://subt0x10.blogspot.com/2016/05/to-disarm-device-guard-bring-debugger.html Feedback Welcome. Cheers

[ Windows ]  [PDF] Zip [~83 Mb] with specifications of Microsoft Office File Formats Protocols. http://download.microsoft.com/download/2/4/8/24862317-78F0-4C4B-B355-C7B2C1D997DB/OfficeFileFormatsProtocols.zip https://t.co/2iX6l250k5