[ Android ]  Android Security July PoCs: CVE-2016-3797: http://goo.gl/Ts63GG 3794: http://goo.gl/3nLvzg 3813: http://goo.gl/VduZpw

[ Android ]  Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore http://eprint.iacr.org/2016/677

[ Android ]  Five More Critical @ MediaTek Kernel Vuls Identified by @ C0RETeam: CVE-2016-3770~3774 (from Google's July Update https://source.android.com/security/bulletin/2016-07-01.html)

[ Android ]  NCC Group's Justin Taft credited for Priv Esc Vuln in Graphics Driver (CVE-2016-2067) in all Android from CAF - https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067

[ Android ]  Samsung Android JACK ASLR bypass and privilege escalation by p0 https://bugs.chromium.org/p/project-zero/issues/detail?id=795 https://bugs.chromium.org/p/project-zero/issues/detail?id=796

[ Attack ]  New post: BEBLOH Expands to Japan in Latest Spam Attack http://bit.ly/29vlweo @ TrendMicro

[ Attack ]  Details on the Realstatistics[.](info|pro) campaign: https://blog.sucuri.net/2016/07/joomla-wordpress-affected-by-realstatistics-infection-campaign-distributing-randsomware-malware.html Thousands of sites infected and distributing ransonware

[ Attack ]  Trillian Blog and Forums pwned, emails + salted MD5s stolen https://www.trillian.im/help/trillian-blog-and-forums-security-incident/

[ Browser ]  Firefox - Same-Origin Policy bypass (CVE-2015-7188) : http://blog.bentkowski.info/2016/07/firefox-same-origin-policy-bypass-cve.html

[ Cloud ]  Hardening #OpenStack Cloud Platforms against Compute Node Compromises http://seclab.cs.sunysb.edu/seclab/pubs/asiaccs16.pdf [PDF] https://t.co/4hJfoDSmoR

[ Hardware ]  Introducing OpenCellular: An open source wireless access platform. https://code.facebook.com/posts/1754757044806180/

[ Linux ]  [CVE-2016-4794/6162] Two linux kernel bugs https://marcograss.github.io/security/linux/2016/07/06/two-linux-kernel-bugs.html

[ macOS ]  There's a OS X (ahem macOS) backdoor around dumping and stealing keychain. Downloader is distributed in a ZIP file http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/

[ Malware ]  New paper: New Keylogger on the Block, by Sophos's Gabor Szappanos https://www.virusbulletin.com/virusbulletin/2016/07/new-keylogger-block/ https://t.co/n8Tvzxn2Fl

[ MalwareAnalysis ]  Loffice - Analyzing malicious documents using WinDbg : https://thembits.blogspot.in/2016/06/loffice-analyzing-malicious-documents.html

[ MalwareAnalysis ]  zer0m0n v1.0 (compatible with cuckoo 2.0) : https://github.com/angelkillah/zer0m0n last release before official integration @ cuckoosandbox @ skier_t

[ Network ]  The internet is big, and so is the internet routing protocol of choice: BGP #Visualizing #BGP @ mattlfinn ~ https://engasylum.net/2016/07/03/visualizing-bgp/

[ Others ]  Application of Signature and Encryption Vulnerability Detecting Burp Plug-In http://en.wooyun.io/2016/07/01/55.html

[ Others ]  http://bugbounty.fail - A collection of the weirdest and funniest bug bounty reports out there. Dear @ CiPHPerCoder, I feel sorry for you.

[ Others ]  NCC Group Blog: An open source ransomware simulator - understand the potential impact - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/july/ransomware-how-vulnerable-is-your-system/ #ransomware by @ dntbug

[ Others ]  The Design and Implementation of the Tor Browser : https://www.torproject.org/projects/torbrowser/design/

[ Others ]  Just blogged: Everything you need to know about loading a free Let's Encrypt certificate into an Azure website http://ift.tt/29h5xLb

[ Others ]  Continuous Security in the DevOps World: https://jvehent.github.io/continuous-security-talk/#/, via @ jvehent https://t.co/HCWulBSdpe

[ Pentest ]  Leveraging MS16-032 with #PowerShell Empire: https://warroom.securestate.com/leveraging-ms16-032-powershell-empire/ https://t.co/ZEcdBbPxNR

[ Popular Software ]  CVE ID Request : OpenFire multiple vulnerabilities http://goo.gl/fb/vIkb8I #FullDisclosure

[ Popular Software ]  Vuln: Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability http://www.securityfocus.com/bid/86421

[ Popular Software ]  Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979) - SANS Internet Storm Center http://ow.ly/N549301XVR3

[ Popular Software ]  Putty (beta 0.67) DLL Hijacking Vulnerability http://goo.gl/fb/6LLLg0 #FullDisclosure

[ Tools ]  Webasm is a web-based tool to encode/decode instructions using Keystone & @ capstone_engine! https://github.com/pmarkowsky/webasm https://t.co/xHjbTsfR6S

[ Tools ]  Added a few new features to OleViewDotNet including Python filters for the tree viewer. https://github.com/tyranid/oleviewdotnet https://t.co/HX6iKMSg9g

[ Tools ]  Scansploit - Tool for Injecting Malicious Payloads Into Barcodes (code128, QRCodes, DataMatrix and EAN13) -- http://www.kitploit.com/2016/06/scansploit-tool-for-injecting-malicious.html

[ Tools ]  How to write an emulator (CHIP-8 interpreter) : http://www.multigesture.net/articles/how-to-write-an-emulator-chip-8-interpreter/

[ Tools ]  #LaZagne project 1.3 for #Windows with fewer bugs & smaller binary now available - https://github.com/AlessandroZ/LaZagne/releases

[ Web Security ]  Cookie Shadow Path Injection : https://c0nradsc0rner.wordpress.com/2016/07/06/cookie-shadow-path-injection/

[ Windows ]  Overview Windows logons - when do reusable credentials remain on destination systems? Guide: https://technet.microsoft.com/en-us/library/mt631193.aspx#T0E_BM https://t.co/kgqSS9pxbW

[ Windows ]  GuardMon disables PatchGuard on Windows 10 x64 using VT-x. details & code - http://igorkorkin.blogspot.com/2016/06/monitoring-controlling-kernel-mode.html video demo - http://youtube.com/watch?v=PUcBtd0fZeA