[ Android ]  Tool to reverse engineer your app online to get API tokens and Secrets https://android.fallible.co/

[ Attack ]  Abusing npm libraries for data exfiltration https://blog.sourceclear.com/all-your-secrets-belong-to-us/

[ Crypto ]  Slides for @ deepsec talk about Post Quantum Cryptography https://www.int21.de/slides/deepsec-postquantum/

[ iOS ]  Blink Shell for iOS : an Open-Sourcea full-fledged terminal emulator / SSH client for iOS (support for Mosh) : http://www.blink.sh/

[ macOS ]  CIS Apple OSX 10.12 Benchmark https://benchmarks.cisecurity.org/tools2/osx/CIS_Apple_OSX_10.12_Benchmark_v1.0.0.pdf

[ MalwareAnalysis ]  Angry Duck, FakeLock, and new variants of Locky are some the #ransomware we spotted recently. Report: http://bit.ly/2fBWXLO

[ MalwareAnalysis ]  CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox http://www.kitploit.com/2016/11/cuckoodroid-automated-android-malware.html

[ Others ]  #oredev CLRMD talk materials -- Slides: https://s.sashag.net/oredev1 Demo: https://www.dropbox.com/s/6pvrh5ljq25uhm3/oredev-clrmd-demo.zip?dl=0 msos (better demo): https://t.co/IVvFOdSxyT

[ Others ]  bWAPP Command Injection Exploitation using Commix (Bypass All Security) http://www.hackingarticles.in/bwapp-command-injection-exploitation-using-commix-bypass-security/

[ Popular Software ]  .NET platform in the Burp Infiltrator tool. http://releases.portswigger.net/2016/11/1711.html

[ Popular Software ]  vBulletin 4.2.3 SQL Injection https://packetstormsecurity.com/files/139688/vbulletin423-sql.txt

[ Tools ]  CHIPSEC v1.2.5 published! Major package setup/install improvements https://github.com/chipsec/chipsec/releases/tag/v1.2.5

[ Tools ]  Codehash.db : A public database of software and firmware hashes : https://github.com/rootkovska/codehash.db

[ Tools ]  Slides from my Linux Plumbers talks on kernel sanitizers and syzkaller (syscall fuzzer): https://goo.gl/G6P0dX https://t.co/OLsh50BkI8

[ Tools ]  VolatilityBot – An automated memory analyzer for malware samples and memory dumps by @ MartinKorman https://github.com/mkorman90/VolatilityBot

[ Vulnerability ]  Observium Remote Command Execution https://cxsecurity.com/issue/WLB-2016110101

[ WirelessSecurity ]  Inferring your mobile phone password via wifi signals https://blog.acolyer.org/2016/11/10/when-csi-meets-public-wifi-inferring-your-mobile-phone-password-via-wifi-signals/

[ WirelessSecurity ]  SDRuno Updated to V1.1: Now supports up to 2.4 MSPS for the RTL-SDR http://www.rtl-sdr.com/sdruno-updated-to-v1-1-now-supports-up-to-2-4-msps-for-the-rtl-sdr/

[ WirelessSecurity ]  A new GNU Radio OOT module. https://github.com/drmpeg/gr-ule Allows DVB-T2 or DVB-S2 links to be used for IP network interlinks. #gnuradio #dvbt2