[ Browser ]  0patching another 0-day: Internet Explorer 11 Type Confusion (CVE-2017-0037) http://0patch.blogspot.com/2017/03/0patching-another-0-day-internet.html

[ Browser ]  Chrome 57 security fixes https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

[ Forensics ]  AFAIK there are at least two KLEE forks with built-in taint analysis: http://repository.cmu.edu/cgi/viewcontent.cgi?article=1242&context=ece&sei-redir=1&referer=https%3A%2F%2Fscholar.google.com%2Fscholar%3Fq%3DKLEE%2B%2522taint%2Banalysis%2522%26btnG%3D%26hl%3Den%26as_sdt%3D0%252C33#search=%22KLEE%20taint%20analysis%22 and https://cs.famaf.unc.edu.ar/~rcorin/kleecrypto/icics.pdf : any others?

[ IoTDevice ]  Multiple vulnerabilities discovered in ASUSWRT https://bierbaumer.net/security/asuswrt/

[ Malware ]  How To Restore Your Computer From The UEFI Ransomware (Complete Removal Guide) http://bestsecuritysearch.com/restore-computer-uefi-ransomware-complete-removal-guide/

[ MalwareAnalysis ]  Introduction to Reverse Engineering Cocoa Applications http://www.fireeye.com/blog/threat-research/2017/03/introduction_to_reve.html

[ Network ]  #KaitaiStruct is the fastest #Python binary parser among #Scapy #Construct #Hachoir in benchmark by Carolina Lucas:… https://t.co/lpOcxevZhq

[ Others ]  J.Martin et al., "A Study of MAC Address Randomization in Mobile Devices and When it Fails" https://arxiv.org/abs/1703.02874

[ Pentest ]  Introducing my new red teaming tool SessionGopher. Check out my post on the FireEye Threat Research Blog. https://t.co/1wIqgNk2fn

[ Popular Software ]  Very cool Google Maps XSS https://medium.com/@ marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.o2rm7fh0g #XSS #BugBounty #vulnerability #GoogleMaps

[ Popular Software ]  Notepad++ release v7.3.3 - Fix CIA Hacking Issue : https://notepad-plus-plus.org/news/notepad-7.3.3-fix-cia-hacking-issue.html , Notepad++ DLL Hijack (Vault7 / CIA) : https://wikileaks.org/ciav7p1/cms/page_26968090.html

[ Programming ]  Vulnerability Spotlight: R - PDF LoadEncoding Code Execution Vulnerability http://blog.talosintelligence.com/2017/03/r-pdf-vuln.html

[ Programming ]  Git Internals: http://opcode.org/peepcode-git.pdf (pdf)

[ Programming ]  An In-Depth Study of > 10 Yrs of Java Exploitation : https://testlab.sit.fraunhofer.de/downloads/publications/holzinger2016java.pdf (pdf)

[ Tools ]  HighTouch-WPS-Breaker #Bash script to extract the #WPS pin of many #vulnerable #routers and get the password https://t.co/kNgNLoU5tG

[ Tools ]  PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS.… https://t.co/CPZI4UbZjl

[ Tools ]  Many new and updated MISP expansion modules available in misp-modules including @ ThreatMiner https://github.com/MISP/misp-modules/ #ThreatIntel

[ Tools ]  The System Design Primer : https://github.com/donnemartin/system-design-primer https://t.co/0yLmB5ZMAE

[ Windows ]  [New Post] Various Privilege Escalation Methods via Unquoted Service Path https://pentestlab.blog/2017/03/09/unquoted-service-path/ #pentestlab #pentest #privilegeescalation

[ Windows ]  New code injection detection features in #WDATP creators update. Lots of case studies https://blogs.technet.microsoft.com/mmpc/2017/03/08/uncovering-cross-process-injection-with-windows-defender-atp/