[ Attack ]  The OurMine group also hacked the Google CEO Sundar Pichai’s Quora account http://securityaffairs.co/wordpress/48784/hacking/ourmine-group-hacked-google-ceo.html

[ Attack ]  Brazilian Telecom Giant “Oi” Websites Hacked https://www.hackread.com/brazilian-telecom-giant-oi-websites-hacked/

[ Browser ]  I wrote up everything I know (and was able to learn) about the script tag -> https://eager.io/blog/everything-I-know-about-the-script-tag/

[ Debug ]  Some interesting papers I didn't know on Heap viz work for debugging: http://research.microsoft.com/en-us/um/people/marron/selectpubs/HeapDebug.pdf / http://www.cs.tufts.edu/research/redline/papers/heapviz-softvis-2010.pdf

[ Detect ]  malspider : A web spidering framework that detects characteristics of web compromises : https://github.com/ciscocsirt/malspider

[ Fuzzing ]  Run AFL on Everything! AFL + QEMU + Linux = CVEs https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/june/project-triforce-run-afl-on-everything/

[ Fuzzing ]  Escaping the Fuzz: Evaluating Fuzzing Techniques and How to Fool them with Anti-Fuzzing https://upload.edholmarna.se/master_thesis-first-draft.pdf

[ macOS ]  A ZFS developer’s analysis of the good and bad in Apple’s new APFS file system http://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/

[ Malware ]  Locky Returned With A New Anti-VM Trick: After the recent outage of the Necurs botnet, the Locky developers have… http://j.mp/293fvoN

[ Network ]  ZigBee packet capture http://goo.gl/P8xST2

[ Network ]  Using Shannon's Entropy, Machine Learning, & Bayesian Networks to discover, describe, & visualize IPv6 addresses http://entropy-ip.com/

[ OpenSourceProject ]  Undefined Pointer Arithmetic - OpenSSL Blog https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

[ Others ]  @ jgrusko PIN 3.0 & VS 2015 : http://holycall.tistory.com/311

[ Others ]  New NCC Group blog post: It only takes one typo in the software supply chain to compromise security https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/it-only-takes-one-typo-in-the-software-supply-chain-to-compromise-security/

[ Others ]  Reflections on Vulnerability Disclosure (2015): https://www.ernw.de/download/ERNW_Newsletter_50_Vulnerability_Disclosure_Reflections_CaseStudy.pdf [PDF]

[ Pentest ]  PowerShell Empire Docker Build : http://www.attactics.org/2016/06/powershell-empire-docker-build.html cc @ harmj0y

[ Pentest ]  Next post in the #EmPyre series: Engaging Active Directory. http://www.rvrsh3ll.net/blog/empyre/empyre-engaging-active-directory/

[ Programming ]  Learn C# online, launched as part of the new .NET Core 1.0 release: https://www.microsoft.com/net/tutorials/csharp/getting-started

[ SecurityProduct ]  Aramadito remote arbitrary file write in case of MiTM http://goo.gl/fb/gdEOCs #FullDisclosure

[ SecurityProduct ]  Panda Security Privilege Escalation http://seclists.org/fulldisclosure/2016/Jun/67

[ Tools ]  DumpFunctionBytes.py - IDA Python script that dumps the current function as a shellcode. https://github.com/agustingianni/Utilities#dumpfunctionbytespy

[ Tools ]  armemu.py - ARM Assembly, Emulation, Disassembly using Keystone, Unicorn, and Capstone https://gist.github.com/mattypiper/d4d90bc5b8fb9a56fa2d4f2383a2eda7

[ Tools ]  So, today I released my old tool to recover deleted information from sqlite databases: https://github.com/aramosf/recoversqlite/ #DFIR

[ Windows ]  Windows 10 UAC bypass with custom Meterpreter payloads https://astr0baby.wordpress.com/2016/06/26/windows-10-uac-bypass-with-custom-meterpreter-payloads/

[ Windows ]  Project Zero: A year of Windows kernel font fuzzing #1: the results http://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html