[ Attack ]  How the Iranian Government Hacks Dissidents https://www.schneier.com/blog/archives/2016/08/how_the_iranian.html

[ Attack ]  Russian APTs Prefer #Windows, Office, Internet Explorer Exploits http://buff.ly/2aZ3EIb #cyberespionage #microsoft https://t.co/4lc3j5bcIG

[ Browser ]  IE local path disclosure vulnerability using sandbox iframes resolved in #MS16095 #CVE20163321 https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html

[ Browser ]  ZDI-16-454: Microsoft Internet Explorer CAnchor Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-454/

[ Crypto ]  Now at #WOOT16: “Acceleration Attacks on PBKDF2: Or, What Is inside the Black-Box of oclHashcat?” https://www.usenix.org/conference/woot16/workshop-program/presentation/ruddick

[ Debug ]  Disable Single Step Debug in Windbg https://drive.google.com/file/d/0B1S_tnrAkUvsTnJuVVRDNmIzTDQ/view?pref=2&pli=1

[ Firmware ]  Basic Input/Output: The Binwalk Firmware Analysis Tool http://www.basicinputoutput.com/2016/08/the-binwalk-firmware-analysis-tool.html#.V6n0LpMYFP4.twitter @ devttyS0

[ macOS ]  mahalo @ defcon for incredible time :) posted my slides: "I got 99 Problems, but Little Snitch ain’t one!" https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one #defcon24

[ Malware ]  Cracking Orcus RAT http://blog.deniable.org/blog/2016/08/09/cracking-orcus-rat/

[ Malware ]  Banload Trojan Targets Brazilians With Malware Downloads https://blogs.mcafee.com/mcafee-labs/banload-trojan-targets-brazilians-with-malware-downloads/

[ OpenSourceProject ]  GNU Bash 4.3 Out of bounds http://www.openwall.com/lists/oss-security/2016/08/05/2 #infosec #linux #kernel #bash

[ Others ]  Exodus announces new acquisition program for both Zero-Day and N-Day vulnerabilities https://blog.exodusintel.com/2016/08/09/exodus-announces-new-acquisition-program-for-both-zero-day-and-n-day-vulnerabilities/

[ Others ]  An Introduction to Use After Free Vulnerabilities https://www.purehacking.com/blog/lloyd-simon/an-introduction-to-use-after-free-vulnerabilities

[ Pentest ]  Here is the tool @ NotMedic and I released at @ DEFCON. Scans for accessibility tools backdoors on Windows. https://github.com/linuz/Sticky-Keys-Slayer

[ Popular Software ]  You get a break: No @ adobe #Flash Player security update for August. https://threatpost.com/a-month-without-adobe-flash-player-patches/119770/

[ Tools ]  The Witchcraft Compiler Collection source code as seen at @ defcon is on github (MIT License): https://github.com/endrazine/wcc #ReverseEngineering

[ Windows ]  Microsoft GDI+ out-of-bounds reads in DIB palette handling in ValidateBitmapInfo https://code.google.com/p/google-security-research/issues/detail?id=829

[ Windows ]  Microsoft Security Bulletin Summary for August 2016 https://technet.microsoft.com/library/security/ms16-aug

[ Windows ]  New advisory and POC for MS16-099 at https://smsecurity.net/microsoft-office-word-out-of-bounds-read-remote-code-execution-cve-2016-3313/, https://cosig.gouv.qc.ca/en/cosig-2016-31-en/

[ Windows ]  [local] - Microsoft Windows Group Policy - Privilege Escalation (MS16-072) https://www.exploit-db.com/exploits/40219/

[ Windows ]  Virtual machines based Windows 10 Enterprise Evaluation, Version 1607 for Windows developers https://developer.microsoft.com/en-us/windows/downloads/virtual-machines https://t.co/Fq7s1XexLq

[ Windows ]  ZDI-16-449: Microsoft Windows win32k RGNOBJ Integer Overflow Privilege Escalation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-449/

[ Windows ]  ZDI-16-451: Microsoft Office Word RTF JPEG Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-451/

[ Windows ]  ZDI-16-453: Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Access Privilege Escalation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-453/