[ Android ]  Security analysis of popular Android password managers https://team-sik.org/trent_portfolio/password-manager-apps/

[ Browser ]  Mozilla Firefox: use-after-poison in nsStylePadding::GetPadding https://bugs.chromium.org/p/project-zero/issues/detail?id=1135

[ Debug ]  WinAppDbg v1.6 is out! https://github.com/MarioVilas/winappdbg/releases/tag/winappdbg_v1.6

[ Debug ]  now , you can access dbghelp.dll and do some thing with pdb via js , enjoy it https://github.com/tinysec/dbghelp.js

[ Exploit ]  Now reading: Exploiting VLC - A case study on jemalloc heap overflows http://phrack.org/issues/68/13.html#article via @ _argp

[ Fuzzing ]  Finally! Vuzzer was open sourced https://github.com/vusec/vuzzer Thank you @ vu5ec

[ Hardware ]  SGX Cache Attacks Are Practical - https://arxiv.org/pdf/1702.07521.pdf

[ Hardware ]  OverThruster - HID Attack Payload Generator For Arduinos http://www.kitploit.com/2017/02/overthruster-hid-attack-payload.html

[ Hardware ]  OpenXR - Cross-Platform, Portable, Virtual Reality : https://www.khronos.org/openxr

[ iOS ]  Fun fact: hold down Home+VolUp at cold boot to boot iOS 10.3 into CheckerBoard, a new diagnostics & logs system for… https://t.co/UJwxW25uYo

[ IoTDevice ]  Hacking Unicorns with Web Bluetooth https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/

[ Linux ]  Linux kernel mitigation checklist( update: Feb 28 2017) https://hardenedlinux.github.io/system-security/2016/12/13/kernel_mitigation_checklist.html

[ MachineLearning ]  Decrypting after a Findzip ransomware infection https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/

[ Malware ]  I wrote a blog post about my favorite subject, which is (of course) making better ransomware: https://blog.cryptographyengineering.com/2017/02/28/the-future-of-ransomware/

[ MalwareAnalysis ]  New Neutrino Bot comes in a protective loader https://blog.malwarebytes.com/threat-analysis/2017/02/new-neutrino-bot-comes-in-a-protective-loader/

[ NetworkDevice ]  D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF… https://goo.gl/fb/vLDCtl #FullDisclosure

[ Others ]  Abusing Google App Scripting Through Social Engineering - Data Exfil Without Code Exec http://www.redblue.team/2017/02/abusing-google-app-scripting-through.html

[ Others ]  CVE-2017-6189-Amazon Kindle for Windows https://goo.gl/fb/wmzLwC #FullDisclosure

[ Others ]  AtomBombing : Brand New Code Injection for Windows : https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows/ , Dridex’s Cold War: Enter AtomBombing… https://twitter.com/i/web/status/836604823915085824

[ Popular Software ]  Siemens #RUGGEDCOM NMS Equipment Vulnerable to #CSRF, #XSS: https://threatpost.com/siemens-ruggedcom-nms-equipment-vulnerable-to-csrf-xss/123977/ via @ threatpost

[ Programming ]  Memory management in C : The heap and the stack : http://www.inf.udec.cl/~leo/teoX.pdf (pdf) , Slides : https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-s096-introduction-to-c-and-c-january-iap-2013/lectures-and-assignments/c-memory-management/MIT6_S096_IAP13_lec3.pdf

[ ReverseEngineering ]  .NET Reverse Enginering - Part 1 : http://codepool.me/NET-Reverse-Enginering-Part-1/

[ Sandbox ]  Sandbox Evasion Techniques (Part 2) : https://www.vmray.com/blog/sandbox-evasion-techniques-part-2/ ,Part 1 : https://www.vmray.com/blog/sandbox-evasion-techniques-part-1/

[ SecurityProduct ]  Universal Unhooking: Blinding Security Software http://buff.ly/2lPJRO0 #hacking #infosec #security https://t.co/2ifczUO20Y

[ SecurityProduct ]  Cisco ASA Remote Code Execution – Verifying CVE-2016-1287 https://blog.netspi.com/cisco-asa-remote-code-execution-verifying-cve-2016-1287/

[ Tools ]  wtrace - Command line tracing tool for Windows, based on ETW. - https://github.com/lowleveldesign/wtrace

[ Tools ]  Burp Suite Intro : Burp Suite Features & Usage https://blog.zsec.uk/ltr101-burp-suite-intro/

[ Tools ]  Burp Suite v1.7.18 released, with new option to stop accumulating project data for out-of-scope items: https://t.co/zRz2KFN2O5

[ Tools ]  Generate two PDFs with different contents but identical SHA1 hashes : https://github.com/nneonneo/sha1collider/blob/master/collide.py

[ Tools ]  Final cover art for Gray Hat C#. So excited. /cc @mattifestation @coderCyclist https://t.co/ngYNrA6NGj

[ Tools ]  maclook4ref is a new tool to recover & analyze C++ vtable functions in MacOS KEXT binary. #CapstoneInside… https://t.co/Ce8wSh7LSm

[ Vulnerability ]  So PHP has quietly fixed an issue that allows indirect root-like privilege escalations via its OPCache ... https://t.co/mj6zRgnEZp

[ Web Security ]  Web Cache Deception attack: A new web attack vector, PayPal and others are vulnerable http://omergil.blogspot.co.il/2017/02/web-cache-deception-attack.html https://t.co/WjM6HIaEXf

[ Web Security ]  Children’s Voice Messages Leaked in #CloudPets Database Breach: https://threatpost.com/childrens-voice-messages-leaked-in-cloudpets-database-breach/123956/ via @ threatpost

[ Windows ]  Attacking Windows SMB Zero-Day Vulnerability https://www.secureworks.com/blog/attacking-windows-smb-zero-day-vulnerability

[ Windows ]  Jan/Feb 2017 issue of The NT Insider is available.  http://insider.osr.com/2017/ntinsider_2017_01.pdf