[ Android ]  Build an Android Penetration Testing lab http://www.hackingarticles.in/build-android-penetration-testing-lab/

[ Attack ]  Hong Kong Government Hacked by APT3 Group before elections http://securityaffairs.co/wordpress/50918/cyber-crime/apt3.html

[ Crypto ]  My #appseceu slides: Practical Attacks on Real World Crypto Implementations http://2016.appsec.eu/wp-content/uploads/2016/09/2016-06-OWASP-Crypto-Attacks.pdf

[ Fuzzing ]  #QtCon #FSFEsummit talk on American Fuzzy Lop and Address Sanitizer slides https://www.int21.de/slides/qtcon-fuzzing/ (almost same as @ BornHax talk)

[ iOS ]  How Apple fixed OSUnserialzeBinary() in response to PEGASUS http://pastebin.com/raw/JSej0pUi

[ Malware ]  Guest blog: Nemucod ransomware analysis https://www.virusbulletin.com/blog/2016/september/guest-blog-nemucod-ransomware-analysis/

[ Others ]  Slides from my talk at #softwarecircus on Thinking Evil Thoughts, all about threat modeling https://speakerdeck.com/garethr/thinking-evil-thoughts

[ Others ]  New blog post outlining the implementation of Seccomp and Seccomp-BPF https://illogicalexpressions.com/linux/2016/08/31/seccomp-and-seccomp-bpf.html

[ Others ]  Interesting analysis by @ ThreatConnect on state election hack links to some other campaigns https://threatconnect.com/blog/state-board-election-rabbit-hole/ https://t.co/WVvS78JNJO

[ Others ]  How to Read and Write Other Process Memory - http://nullprogram.com/blog/2016/09/03/

[ Others ]  Hacking Air-Gapped Networks http://resources.infosecinstitute.com/hacking-air-gapped-networks/

[ Web Security ]  Introducing ‘XSS Payloads’ repository: Cross Site Scripting doesn’t have to be boring - https://labs.nettitude.com/blog/cross-site-scripting-doesnt-have-to-be-boring/