[ Attack ]  Rise of the Machines: The Dyn Attack Was Just a Practice Run (Mirai 'is just the tip of the iceberg') : http://icitech.org/wp-content/uploads/2016/12/ICIT-Brief-Rise-of-the-Machines.pdf (pdf)

[ Browser ]  RCE in JXBrowser JavaScript/Java bridge : http://blog.portswigger.net/2016/12/rce-in-jxbrowser-javascriptjava-bridge.html

[ Browser ]  Here is basically how Firefox chrome code execution works http://pastebin.com/raw/EsBErDZ3/ #TheMoreYouKnow

[ Browser ]  ROP & Heap Spray for a Reverse Shell in IE8 : https://woumn.wordpress.com/2016/12/07/rop-heap-spray-for-a-reverse-shell-in-ie8/ https://t.co/NTri6b0JDk

[ Browser ]  #DailyBug #MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free http://blog.skylined.nl/20161208001.html

[ Fuzzing ]  Applied high-speed in-process fuzzing: the case of Foxit Reader http://www.hdwsec.fr/en/blog/inprocessfuzzing.html

[ iOS ]  If you add https://jbme.qwertyoruiop.com to Cydia, a tweak that patches the Pegasus bug is available.

[ IoTDevice ]  An Anatomy of IoT Security : https://github.com/mdsecresearch/Publications/blob/master/presentations/An%20Anatomy%20of%20IoT%20Security_OWASPMCR_Nov2016.pdf (Slides) cc @ domchell || @ OwaspMcr

[ MalwareAnalysis ]  PowerShell threats are on the rise: 95.4% of the scripts we analyzed were malicious Learn more:… https://t.co/TxuOYwsJGG

[ Mobile ]  New post: Mobile Ransomware: Pocket-Sized Badness http://bit.ly/2hn2p4Q @ TrendMicro

[ OpenSourceProject ]  FreeBSD/Apple libc link_ntoa() buffer overflow https://cxsecurity.com/issue/WLB-2016120046

[ Others ]  Eventvwr File-less UAC Bypass implemented in Cobalt Strike https://www.mdsec.co.uk/2016/12/cna-eventvwr-uac-bypass/ #windows #UAC #bypass https://t.co/MS2F5SGPm6

[ Others ]  North Korea's Linux-based Red Star OS can be Hacked Remotely with just a Link http://thehackernews.com/2016/12/redstar-north-korea.html #linux #Security

[ Others ]  Tracking Down a Freaky Python Memory Leak : https://benbernardblog.com/tracking-down-a-freaky-python-memory-leak/

[ Others ]  Smashing the Stack into a Reverse Shell : https://woumn.wordpress.com/2016/09/24/smashing-the-stack-into-a-reverse-shell/ ; Bypassing ASLR on Windows into a Reverse Shell : https://woumn.wordpress.com/2016/10/12/bypassing-aslr-on-windows-into-a-reverse-shell/

[ Tools ]  Best IDA Plugins https://n0where.net/best-ida-plugins/ #InfoSec #CyberSecurity

[ Tools ]  Neat IDA Python editor. https://github.com/techbliss/Python_editor

[ Tools ]  ATrace is a tool for tracing execution of binaries on Windows. https://shrtm.nu/iJRR by @ ktwo_K2

[ Tools ]  EPEx: Error Path Exploration for Finding Error Handling Bugs https://github.com/yujokang/epex

[ Tools ]  Cobalt Strike 3.6 – A Path for Privilege Escalation http://blog.cobaltstrike.com/2016/12/08/cobalt-strike-3-6-a-path-for-privilege-escalation https://t.co/rxGReyjWHO

[ Tools ]  xrdp : A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions : https://github.com/sensepost/xrdp

[ Windows ]  Windows Kernel Exploitation - Uninitialized Heap Variable Assignment http://dokydoky.tistory.com/445

[ Windows ]  CSS Custom Properties (variables to non-Spec heads) in Edge \o/ https://twitter.com/msedgedev/status/806641150186528768