[ Android ]  Android security :) (Source) https://conference.hitb.org/hitbsecconf2016ams/materials/D1T2%20-%20Tim%20Xia%20-%20Adaptive%20Android%20Kernel%20Live%20Patching.pdf https://t.co/sXF0BMojyH

[ Android ]  The Latest Android Overlay Malware Spreading via SMS Phishing in Europe https://www.fireeye.com/blog/threat-research/2016/06/latest-android-overlay-malware-spreading-in-europe.html

[ Attack ]  Myspace database leak dump http://myspace.thecthulhu.com

[ Detect ]  DOUBLETAKE: Fast and Precise Error Detection via Evidence-Based Dynamic Analysis http://arxiv.org/pdf/1601.07962.pdf

[ Linux ]  Preventing malicious attacks by diversifying Linux shell commands : http://ceur-ws.org/Vol-1525/paper-15.pdf

[ Linux ]  Since this is public now, here's the netfilter target_offset Ubuntu 16.04 local root exploit https://cyseclabs.com/exploits/target_offset_vnik.zip

[ Linux ]  Paper on: Exploiting ELF `$ORIGIN` expansion in IllumOS/Solaris: http://backtrace.io/blog/blog/2016/06/29/exploiting-elf-expansion-variables/

[ Malware ]  Espionage toolkit targeting Central and Eastern Europe uncovered: http://www.welivesecurity.com/2016/07/01/espionage-toolkit-targeting-central-eastern-europe-uncovered/ via @ ESET https://t.co/COorJm9Mb8

[ Malware ]  Cracking Locky’s New Anti-Sandbox Technique http://blog.fortinet.com/2016/06/30/cracking-locky-s-new-anti-sandbox-technique

[ Network ]  LizardStresser IoT Botnet Part of 400Gbps DDoS Attacks https://threatpost.com/lizardstresser-iot-botnet-part-of-400gbps-ddos-attacks/119006/

[ OpenSourceProject ]  A nice uptodate ptmalloc reference by @ SpamAndHex teammate GyM: https://github.com/gymgit/glibc-2.23-tmp/blob/master/slides/heap_going.pdf - very handy for CTF!

[ Others ]  CDitter – CD-ROM drive based data exfiltration : https://www.anfractuosity.com/projects/cditter/ , Github : https://github.com/anfractuosity/cditter/

[ Others ]  Phoenix Exploit Kit Remote Code Execution https://packetstormsecurity.com/files/137728/phoenix-exec.txt

[ Others ]  SIemens patched something it calls a password reconstruction vulnerability in some of its software this week - http://ow.ly/cCQl301QBtL

[ Pentest ]  Shell No! Adversary Web Shell Trends and Mitigations (Part I) https://www.recordedfuture.com/web-shell-analysis-part-1/

[ Popular Software ]  Jenkins Remoting RCE II – The return of the ysoserial https://www.insinuator.net/2016/07/jenkins-remoting-rce-ii-the-return-of-the-ysoserial/

[ Tools ]  My good friend @ GaborSzappanos did this awesome write up on Office exploit generators, https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-office-exploit-generators-szappanos.pdf [link to PDF]

[ Web Security ]  My #AppSecEu slides for "From Facepalm to Brain Bender: Exploring Client-Side XSS" are available at https://ben-stock.de/wp-content/uploads/2016/06/owasp2016.pdf

[ Web Security ]  Slides of "Making CSP great again!" presented at #AppSecEU: https://speakerdeck.com/mikispag/making-csp-great-again-michele-spagnuolo-and-lukas-weichselbaum - introducing #strictdynamic and a new way of doing CSP.

[ Web Security ]  Magento – Account Hijacking Vulnerabilities : http://netanelrub.in/2016/07/01/magento-re-installation-account-hijacking-vulnerabilities/

[ Windows ]  SLIDES: From zero to SYSTEM on full disk encrypted windows system #MS16-072 #MS16-014 http://www.slideshare.net/NabeelAhmed7/from-zero-to-system-on-full-disk-encrypted-windows-system @ hackinparis @ tgilis

[ Windows ]  Project Zero blog: "A year of Windows kernel font fuzzing #2: the techniques" by @ j00ru - https://goo.gl/QXfhSK