[ Android ]  Hack Android Phone using HTA Attack with QR Code http://www.hackingarticles.in/hack-android-phone-using-hta-attack-qr-code/

[ Android ]  Android malware analysis with Radare: Dissecting the Triada Trojan https://www.nowsecure.com/blog/2016/11/21/android-malware-analysis-radare-triada-trojan/

[ Browser ]  PoC for Microsoft Edge Scripting Engine Memory Corruption Vulnerability (MS16-129) (CVE-2016-7202): http://www.security-assessment.com/files/documents/advisory/edge_chakra_mem_corruption.pdf

[ iOS ]  [CVE-2016-4673] Apple CoreGraphics macOS/iOS JPEG memory corruption https://marcograss.github.io/security/apple/cve/macos/ios/2016/11/21/cve-2016-4673-apple-coregraphics.html

[ Malware ]  New #Nemucod campaign spreading #Locky #ransomware via @ Facebook Messenger - http://bit.ly/2ficnDm

[ Malware ]  little-doctor : A JavaScript worm that can exfiltrate files, microphone, webcam, and other data : https://github.com/infosec-au/little-doctor cc @ infosec_au

[ MalwareAnalysis ]  Mirai Botnet Itself is Flawed; Hacking Back IoTs Could Mitigate DDoS Attacks http://thehackernews.com/2016/10/mirai-botnet-iot-malware.html?utm_campaign=crowdfire&utm_content=crowdfire&utm_medium=social&utm_source=twitter https://t.co/cvoboATcFd

[ Network ]  Monitoring ‘DNS’ inside the Tor network - http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network https://t.co/ciZgjrGKFL

[ Others ]  remote pre-auth single packet DoS of ntpd (exploit included) http://dumpco.re/cve-2016-7434/

[ Others ]  Slides (and soon, code) for my recent talk on automated shellcode generation with encoding restrictions: https://t.co/GuSyEHA1CH

[ Others ]  At @SlackHQ we use Linux Audit to continuously monitor thousands of hosts. Today we are open sourcing our tools. https://t.co/byiHD9Do7A

[ Others ]  The slides of our "Lifting the Fog on RedStar OS" talk from #32c3 are now online: https://github.com/takeshixx/redstar-tools/raw/master/RedStar_OS_32c3.pdf cc: @ 0x79

[ Others ]  New Lenovo advisory provides mitigation strategy to protect against unauthorized bypass of Microsoft Device Guard: https://t.co/Wi316fTpkU

[ Others ]  Circumventing Malwarebytes Anti-Exploit 1.08 with a single write to memory https://blog.ropchain.com/2016/11/21/circumventing-malwarebytes-anti-exploit-1-08-with-a-single-write-to-memory/

[ Others ]  Improving Digital Side Channel Protection with Static Analysis Techniques http://apps.cs.utexas.edu/tech_reports/reports/tr/TR-2228.pdf

[ Others ]  Device Guard Code Integrity Policy Auditing Methodology http://www.exploit-monday.com/2016/11/code-integrity-policy-audit-methodology.html

[ Others ]  Bypassing Application Whitelisting by using dnx.exe : https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/ cc @ enigma0x3

[ Others ]  Reversing & breaking (in)secure HDD enclosures : https://syscall.eu/pdf/2016-Lenoir_Rigo-HDD_PIN.pdf (Slides) , Paper : https://syscall.eu/pdf/2016-Lenoir_Rigo-HDD_PIN-paper.pdf

[ Pentest ]  aws_pwn : A collection of AWS penetration testing junk : https://github.com/dagrz/aws_pwn

[ Tools ]  We have two code releases for you today! Windows Intel Processor Trace Driver https://github.com/talos-vulndev/TalosIntelPtDriver and FuzzFlow https://t.co/isTrrvbnNF

[ Tools ]  Unfolding obfuscated code with Reven (part 1, full write-up) http://blog.tetrane.com/2016/11/reversing-f4b-challenge-part1.html

[ Tools ]  HexRaysPyTools - Plugin assists in creation classes/structures and detection virtual tables. Based on IDAPython. https://github.com/igogo-x86/HexRaysPyTools

[ Vulnerability ]  This advisory covers findings identified by Inverse Path in collaboration with Airbus ICT Industrial Security, affe… https://t.co/vIUoUGS3Qx

[ WirelessSecurity ]  New blog post: A journey into the depths of VoWiFi Security https://insinuator.net/2016/10/a-journey-into-the-depths-of-vowifi-security/