[ Browser ]  SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge) - Broken Browser https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/

[ Browser ]  Firefox 53 & Edge 40 Browsers CSP Bypass https://www.n0tr00t.com/2017/05/10/Firefox-and-Edge-Browsers-CSP-Bypass.html

[ Industry News ]  Here's a better article on how Microsoft refuses to allow third-party browsers on Windows 10 S. http://www.zdnet.com/article/google-chrome-wont-be-allowed-on-windows-10-s/

[ IoTDevice ]  Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892] https://goo.gl/fb/FxtN5C #FullDisclosure

[ IoTDevice ]  [blog] IoT Security Testing Methodology http://r-7.co/2pefnui

[ Linux ]  Project Zero guest blog post: "Exploiting the Linux kernel via packet sockets" by @ andreyknvl - https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html

[ Linux ]  A collection of Linux kernel exploitation materials: https://github.com/xairy/linux-kernel-exploitation

[ MalwareAnalysis ]  Malware injected into legitimate WordPress JavaScript file designed to reroute sensitive information https://threatpost.com/session-hijacking-cookie-stealing-wordpress-malware-spotted/125586/ via @ threatpost

[ Others ]  On the #BHISblog today @joff_thyer is tearing it up - "How to Evade Application Whitelisting Using REGSVR32" https://t.co/k5IBHz80WF

[ Others ]  New blog post: Git Shell Bypass By Abusing Less (CVE-2017-8386) https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/

[ Pentest ]  I wrote another blog post about using ETW for Intrusion Detection: https://blogs.technet.microsoft.com/office365security/hidden-treasure-intrusion-detection-with-etw-part-2/ #DFIR #ETW

[ Protocol ]  Reverse Engineering Apple Location Services Protocol https://appelsiini.net/2017/reverse-engineering-location-services/ https://t.co/Pa91YqNFRB

[ Tools ]  JACKHAMMER - Security vulnerability assessment tool https://github.com/olacabs/jackhammer