[ Android ]  Writeup on cadmium - Exploit targeting sboot, the exynos android bootloader cc @ _kamino_ @ nitayart https://wikileaks.org/ciav7p1/cms/files/cadmium.pdf #Vault7

[ Android ]  [CVE-2017-0510] Critical #Vulnerability: Attacking #Nexus 9 with Malicious Headphones #android #netsec https://t.co/QXnbBZ07oT

[ Android ]  TrustZone TEEs An Attacker’s Perspective https://microsoftrnd.co.il/Press%20Kit/BlueHat%20IL%20Decks/GalBeniamini.pdf

[ Browser ]  Here are the release notes for today’s Safari Technology Preview release 25 update. https://webkit.org/blog/7432/release-notes-for-safari-technology-preview-25/ https://t.co/LpAlZA6G6Y

[ Crypto ]  Cryptography and Network Security Principles and Practices (4rth Edition) : http://www.inf.ufsc.br/~bosco.sobral/ensino/ine5680/material-cripto-seg/2014-1/Stallings/Stallings_Cryptography_and_Network_Security.pdf (pdf)

[ IoTDevice ]  0day vulnerabilities found in GoAhead and in Wireless IP (P2P) cameras (pre-auth RCE as root) #0day #IoT #Cloud https://t.co/pWq7tbzLRg

[ Linux ]  Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc http://seclists.org/oss-sec/2017/q1/569

[ MalwareAnalysis ]  Crypt0l0cker (TorrentLocker): Old Dog, New Tricks http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html

[ Others ]  Art of Anti Detection 3 – https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/ ,Part 2 (PE Backdoor Manufacturing): https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/ ,P1… https://twitter.com/i/web/status/839374930340900864

[ Popular Software ]  Ambionics Security team found critical RCE vulnerability in Drupal Services module. Details and exploit: https://t.co/wMSvhZkRjj

[ Popular Software ]  [TECHNICAL ADVISORY] Shell Injection in #MacVim mvim URI handler…by @ dan_crowley https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/february/technical-advisory-shell-injection-in-macvim-mvim-uri-handler/

[ Tools ]  Wow, a brand new framework uses Intel's Branch-Trace-Store for transparent runtime code tracing! #CapstoneInside… https://t.co/t7YEuzWq49

[ Tools ]  Unicorn v2.6 released. Adds obfuscation to the HTA attack vector. Now much harder to detect. Misc bug fixes. https://t.co/FhGQkzfiPd

[ Tools ]  A Windows Debugger WDB cheat-sheet reference curtesy of the CIA https://wikileaks.org/ciav7p1/cms/page_13762778.html https://t.co/LOwAUwhcZ2

[ Tools ]  SJCL – Stanford JavaScript Crypto Library : https://github.com/bitwiseshiftleft/sjcl

[ Tools ]  I wrote a ptrace based assembly repl for x86, armv7, amd64. Useful for quickly playing with unknown instructions. https://t.co/QQCLOS83F8

[ Virtualization ]  Hyper-V Top Level Functional Specification v5.0 - docs on Virtual Secure Mode VTL and Nested Virtualization - https://github.com/Microsoft/Virtualization-Documentation/blob/live/tlfs/Hypervisor%20Top%20Level%20Functional%20Specification%20v5.0.pdf

[ Web Security ]  When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into 8 Vulnerabilities on @Airbnb w/@bbuerhaus https://t.co/A9H7lDbG2J

[ Windows ]  USBPcap (USBPcap.sys) NULL Pointer Dereference EOP Exploit https://www.exploit-db.com/exploits/41542/ (bundled with WireShark 2.2.5) #0day