[ Android ]  Android - IOMXNodeInstance::enableNativeBuffers unchecked index https://bugs.chromium.org/p/project-zero/issues/detail?id=932

[ Browser ]  Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing (iOS + Android) : https://www.exploit-db.com/exploits/40994/ cc @ aaditya_purani || @ thehackerledge

[ Browser ]  The Official Tor Browser For iOS Is Free To Use http://arstechnica.com/security/2017/01/tor-onion-browser-ios-vpn/

[ Cloud ]  Our #NDSS17 paper "Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud" is now online:… https://t.co/XBTGVq5luX

[ Industry News ]  27k MongoDB Instances Have Now Been Hacked http://www.zdnet.com/article/mongodb-ransacked-now-27000-databases-hit-in-mass-ransom-attacks/

[ Industry News ]  .@ HelloKitty database of 3.3M breached credentials surfaces - http://bit.ly/2jvYKqK

[ IoTDevice ]  Internet of Things IoT radio frequency RF Analysis With Software Defined Radio Kevin Bong #SDR #HackRF #IoT… https://twitter.com/i/web/status/818292136370061316

[ IoTDevice ]  Hacking The IoT (Internet of Things) - PenTesting RF Operated Devices [PDF] #SDR #GnuRadio #RFcat… https://twitter.com/i/web/status/818294066886496258

[ IoTDevice ]  How to Build a Command Injection Exploit for the Netgear R7000 https://www.hackingloops.com/netgear-r7000-exploit/

[ Others ]  Cracking The 12+ Character Password Barrier, Literally : http://www.netmux.com/blog/cracking-12-character-above-passwords

[ Others ]  A great article by @s4sh_s on setup GDT table & X86 segments (so you can emulate Windows shellcode) with Unicorn: https://t.co/rXwQ4tSOwL

[ Programming ]  Open-sourced our research on C++ hierarchy reconstruction in binaries https://github.com/RUB-SysSec/Marx

[ SecurityProduct ]  Bypass all the AV's!! https://www.youtube.com/watch?v=EYuHAqY0xSw

[ SecurityReport ]  The ZDI 2016 Retrospective: 674 advisories, 54 0-days, $2,000,000 paid out: http://blog.trendmicro.com/zdi-2016-retrospective/ #vulnerabilities #exploits #0days #0day

[ Tools ]  chisel : A fast TCP tunnel over HTTP : https://github.com/jpillora/chisel https://t.co/SvjUU5g9vf

[ Tools ]  TruffleHog high-entropy key hunter released to the masses http://www.zdnet.com/article/trufflehog-high-entropy-key-hunter-released-to-the-masses/#ftag=RSSbaffb68

[ Tools ]  Rux - A hobbyist microkernel written in Rust - https://github.com/sorpaas/rux

[ Vulnerability ]  Cemu v1.6.4b infoleak + buffer overflow = emulator breakout (code exec on host) https://gist.github.com/Wack0/cf10d061880b4597181796f843651e52

[ Vulnerability ]  Gaming network @ ESEA breached, 1.5M profiles leaked - http://bit.ly/2jvKldV https://t.co/C2zDiUhOS1

[ Web Security ]  Remote Exploit - Shellcode without Sockets : https://0x00sec.org/t/remote-exploit-shellcode-without-sockets/1440

[ Web Security ]  Web Application Penetration Testing : Local File Inclusion (LFI) Testing Techniques : https://www.exploit-db.com/docs/40992.pdf (pdf) https://t.co/DPkJm8hLg1

[ Web Security ]  Damn Vulnerable Web Sockets - vulnerable web application which works on web sockets for client-server communication: https://github.com/interference-security/DVWS