[ Android ]  If you're curious about my keynote at #WOOT16, check out the slides here: https://www.usenix.org/conference/woot16/workshop-program/presentation/drake

[ Attack ]  Dota 2 forum breach leaks 2 million user accounts http://www.zdnet.com/article/dota-2-players-targeted-by-forum-hackers-in-new-breach/#ftag=RSSbaffb68

[ Attack ]  MONSOON - Analysis Of An APT Campaign https://shar.es/1ZIxgp via @ Forcepointsec

[ Attack ]  摩诃草APT组织大揭秘 by 360 https://ti.360.com/upload/report/file/mkczzbg1.pdf

[ Browser ]  Both reported to secure@ microsoft.com Edge XSS Filter bypass: http://www.cracking.com.ar/bugs/2016-07-14/ Address Bar spoof: http://www.cracking.com.ar/bugs/ms/spoofy.html

[ Debug ]  How does gdb work? http://jvns.ca/blog/2016/08/10/how-does-gdb-work/

[ Fuzzing ]  Fuzz Windows Kernel via Javascript (the english version in github) https://github.com/tinysec/public/blob/master/FuzzWindowsKernelViaJavascript/en.md

[ Hardware ]  #usenix2016 Flip Feng Shui: Breaking VM isolation w #Rowhammer + mem dedup [get eg RSA keys] https://www.vusec.net/projects/flip-feng-shui/ https://t.co/hpk5VW7zrD

[ Network ]  Ths is huge (mostly Linux affectd): Off-Path TCP Exploits: Global Rate Limit Cons. Dangerous http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf https://t.co/4NmTHozgEs

[ Network ]  Toxic Proxies @ defcon slides https://speakerdeck.com/noxrnet/toxic-proxies-bypassing-https-and-vpns-to-pwn-your-online-identity, demo video https://www.youtube.com/watch?v=z1XOCYV9jMQ and source code https://github.com/ctxis/pac-leak-demo released

[ NetworkDevice ]  Juniper provides hotfixes for IPv6 DDoS flaw. https://threatpost.com/juniper-hotfixes-shut-down-ipv6-ddos-vulnerability/119812/

[ OpenSourceProject ]  Analysis of PHP's CVE-2016-6289 and CVE-2016-6297 http://blog.fortinet.com/2016/08/10/analysis-of-php-s-cve-2016-6289-and-cve-2016-6297

[ OpenSourceProject ]  php 5.6.24 one liner fixed null pointer memory access https://marcograss.github.io/bug/2016/08/10/php-5-nptr.html

[ Operating System ]  Writing a Simple Operating System from Scratch (PDF) https://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf

[ Others ]  BSODomizer HD: A mischievous FPGA and HDMI platform for the (m)asses (#defcon2016 w/ Zoz) materials are up: http://bsodomizer.com/hd/

[ Others ]  Two of our papers presented tomorrow at Usenix: - Cache attacks on ARM https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/lipp - DRAM side channels https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/pessl

[ Others ]  Super proud too :) Paper here: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/melicher https://twitter.com/lujobauer/status/763401182798753793

[ Others ]  .@ eric_conrad talks about the SSH timing bug and releases a tool to extract usernames. http://www.sans.org/u/k4X https://github.com/eric-conrad/enumer8

[ Others ]  Unmasking SSH behind hidden services (.onion) with OSINT and their clearnet fingerprint http://www.automatingosint.com/blog/2016/08/dark-web-osint-with-python-part-two-ssh-keys-and-shodan/ #Tor #onion #privacy #opsec

[ Popular Software ]  [CVE-2016-XXXX] Foxit PDF reader memory corruption - https://marcograss.github.io/security/bug/cve/2016/08/08/foxit-pdf-reader.html

[ Tools ]  A a very cool-looking tool that creates vulnerable VMs for education. Vulns are configurable and randomized. https://github.com/cliffe/secgen #ASE16

[ Windows ]  Congrats to @ ea_foundation for his MS Edge PDF RCE bulletins MS16-096 and MS16-102 CVE-2016-3319 http://blog.talosintel.com/2016/08/ms-pdf-vulnerability.html?m=1 @ TalosSecurity

[ Windows ]  Microsoft removing Journal component from Windows because it is “susceptible to many security exploits”. https://support.microsoft.com/en-us/kb/3161102