[ Android ]  Sophos researchers give an overview of anti-emulation techniques used in Android malware https://blogs.sophos.com/2017/04/13/android-malware-anti-emulation-techniques/ https://t.co/3zpo8v1zZw

[ Browser ]  Modernizing the DOM tree in Microsoft Edge: https://blogs.windows.com/msedgedev/2017/04/19/modernizing-dom-tree-microsoft-edge/

[ Browser ]  The ECMA and The Chakra http://conference.hitb.org/hitbsecconf2017ams/materials/CLOSING%20KEYNOTE%20-%20Natalie%20Silvanovich%20-%20The%20ECMA%20and%20The%20Chakra.pdf #ExploitDev #Hacking #InfoSec @ MicrosoftEdge https://t.co/bHPbqdAhza

[ Hardware ]  [remote] - Huawei HG532n - Command Injection (Metasploit) https://www.exploit-db.com/exploits/41895/

[ Industry News ]  just pwned PS4 4.5x

[ Industry News ]  Microsoft Touts New Phone-Based Login Mechanism: https://threatpost.com/microsoft-touts-new-phone-based-login-mechanism/125065/ via @ threatpost

[ Linux ]  Added a new post to my blog, Linux ptrace introduction AKA injecting into sshd for fun https://blog.xpnsec.com/linux-process-injection-aka-injecting-into-sshd-for-fun/

[ Mobile ]  Fuzzing your GSM phone using OpenBSC and scapy [PDF] https://events.ccc.de/congress/2009/Fahrplan/attachments/1503_openbsc_gsm_fuzzing.pdf https://t.co/oyzSew5QAI

[ Others ]  Vulnerability Spotlight: ARM Mbedtls x509 ECDSA invalid public key Code Execution Vulnerability https://blogs.cisco.com/security/talos/vulnerability-spotlight-arm-tls

[ Others ]  #shadowbrokers #DOUBLEPULSAR kernel DLL injection technique is far more advanced than #metasploit - We reversed it https://t.co/1xslRluaD8

[ Others ]  Rig is the most popular exploit kit at the moment. @ nao_sec wrote a thorough analysis http://www.nao-sec.org/2017/04/analyzing-rig-exploit-kit-vol1.html

[ Others ]  [blog] Trying to detect PowerShell obfuscation through character frequency https://cobbr.io/ObfuscationDetection.html

[ Others ]  No Blog. Just code ;-) https://github.com/subTee/Shellcode-Via-HTA Shellcode via HTA working example. No RWX pages, x86,x64 Custom Spawn As Feedback Welcome.

[ Others ]  Extracting cross-origin data via the ambient light sensor: demos & setup https://arturjanc.com/ls /cc @ lukOlejnik for https://t.co/OHmDDXovMW

[ Sandbox ]  Understanding the Microsoft Office 2016 Protected-View Sandbox http://conference.hitb.org/hitbsecconf2017ams/materials/D2T4%20-%20Koh%20Yong%20Chuan%20-%20Understanding%20the%20Microsoft%20Ofice%202016%20Protected%20View%20Sandbox.pdf #ExploitDev #PenTest #InfoSec https://t.co/AbrXissbIM

[ Tools ]  [papers] - How to Exploit ETERNALBLUE and DOUBLEPULSAR… http://dlvr.it/NwgPnt #ExploitDB #Hacking #Security #Vulnerability #cybersecurity

[ Vulnerability ]  How we found a tcpdump vulnerability using cloud fuzzing https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/

[ Vulnerability ]  A full technical explanation of, & code example for exploiting the RISC-V privilege escalation flaw: https://t.co/aBF98HpT6i #HITB2017AMS

[ Vulnerability ]  The reason I wrote https://github.com/tyranid/DotNetToJScript should become clear https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 similar to @ tehjh's VirtualBox EoPs on Linux :-)

[ Vulnerability ]  CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host: Posted by P J P on Apr 19… https://t.co/ptYB9Negia