[ Attack ]  5th and last part of Kings In Your Castle blog series is out: APT correlation and do-it-yourself threat research https://t.co/YoujBTLn1B

[ Browser ]  RedStar OS: Naenara Browser 3.5 exploit (JACKRABBIT) & others https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/

[ Conference ]  Now Available: Videos from re:Invent 2016 Security and Compliance Sessions https://aws.amazon.com/blogs/security/now-available-videos-and-slide-decks-from-reinvent-2016-security-and-compliance-sessions/

[ Conference ]  Material used for the 2016 #MISP training in Zurich (Switch-CERT) & #BotConf workshop (inc. virtual image) https://www.circl.lu/services/misp-training-materials/#switch-misp-training-2016-and-botconf-workshop-2016 #DFIR

[ Crypto ]  [BLOG] Differential Fault Analysis on White-box AES Implementations http://blog.quarkslab.com/differential-fault-analysis-on-white-box-aes-implementations.html #reverse #crypto by @ doegox & @ haxelion

[ Hardware ]  Small-scale honeynet with Raspberry Pi https://www.redpill-linpro.com/sysadvent/2016/12/19/raspberry-pi-honeynet.html

[ IoTDevice ]  Remote Attacks on vehicles by exploiting vulnerable telematics : http://hitcon.org/2016/pacific/0composition/pdf/1201/1201%20R1%201410%20remote%20attacks%20on%20vehicles%20by%20exploiting%20vulnerable%20telematics.pdf (Slides)

[ Others ]  Malware Training Sets: A machine learning dataset for everyone - http://marcoramilli.blogspot.cz/2016/12/malware-training-sets-machine-learning.html

[ Others ]  Automatic Binary Exploitation and Patching using Mechanical [Shell]Phish : http://hitcon.org/2016/pacific/0composition/pdf/1202/1202%20R2%201510%20automatic%20binary%20exploitation%20and%20patching%20using%20mechanical%20shellphish.pdf (Slides)

[ Others ]  MISP 2.4.57 released including the new feature to enforce warning-lists at API and many new attribute types https://t.co/FF3IgcQFWy

[ Popular Software ]  RCE and Cardholder Data Exfiltration in Oracle's Hotel Management Platform : http://jackson.thuraisamy.me/oracle-opera.html // CVE-2016… https://twitter.com/i/web/status/810800265565704192

[ Protocol ]  OpenSSH 7.4 released! http://undeadly.org/cgi?action=article&sid=20161219155115

[ Tools ]  merged HalfSipHash, 32-bit version of SipHash motivated by needs of the Linux kernel https://github.com/veorq/SipHash

[ Tools ]  #Docker replaced by 100 lines of shell script https://github.com/p8952/bocker (bwo @ parazyd) #VM #Virtualization… https://t.co/FtC69Vcm40

[ Tools ]  morpheus - automated ettercap TCP/IP Hijacking tool https://github.com/r00t-3xp10it/morpheus

[ Virtualization ]  Architecting Virtualization Labs for fun,Profit & learning : https://blindseeker.com/AVATAR/AVATAR-12-3-16.pdf (pdf) cc @ da_667

[ Virtualization ]  XSA-204 - Xen "x86: Mishandling of SYSCALL singlestep during emulation", oops… http://xenbits.xen.org/xsa/advisory-204.html

[ Windows ]  3/4 Mitigation bounty — 4 techniques to bypass mitigations: https://medium.com/@ mxatone/mitigation-bounty-4-techniques-to-bypass-mitigations-2d0970147f83#.nqp3nj1i0

[ WirelessSecurity ]  Design and Implementation of Open BTS on Software Defined Radio [PDF] http://www.irdindia.in/journal_itsi/pdf/vol4_iss3/6.pdf #GSM #SDR

[ WirelessSecurity ]  Demonstration of Vulnerabilities in GSM Security with USRP B200 and Open-Source Penetration Tools https://www.researchgate.net/publication/307544953_Demonstration_of_Vulnerabilities_in_GSM_Security_with_USRP_B200_and_Open-Source_Penetration_Tools #GSM #SDR #OpenBTS