- Mobile Security News Update December 2015
- Reverse Engineering the Yik Yak Android App
- Exploring Android's SELinux Kernel Policy
- Android Sensor Integration Part 1: Sensor Stack and Kernel Module, part 1, part 2, part 3
- Changelog for NDK Build 2490520
- PSA: Everyone should be switching to Clang.
- GCC in the NDK is now deprecated.
- Binutils: Unified binutils source between Android and ChromiumOS.
- Jumping The Fence – How Detecting Malicious PHP Files Isn’t That Easy.
- Vulnerable examples
- Apache 2.4.17 - Denial of Service
- PHP 7.0.0 - Format String Vulnerability
- A Hardcore XSS
- Compromising PressPlay with $800
- An Introduction to Backdooring Operating Systems
- #OLEOutlook - bypass almost every Corporate security control with a point’n’click GUI
- 再利用Chakra引擎绕过CFG (Chinese)
- crackle: cracks BLE Encryption (AKA Bluetooth Smart)
- F-Secure see: Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments.
- IEFuzz - A Static Internet Explorer Fuzzer
- PyCat:Pycat is a python replacement tool for netcat.
- dnschan: This is a trojan that runs over DNS.
- pdbex: pdbex is a utility for reconstructing structures and unions from the PDB files into compilable C headers.
- VisUAL: A highly visual ARM emulator.
- IdaHaskell: Allows to execute haskell code in Ida Pro.
- An Easy Way to Secure Java Applications
- Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision
- On the Juniper backdoor
- Reverse engineering the ARM ALU
- Some Analysis of the Backdoored Backdoor
- Heap Tracking
- A (mostly) useful debugger on z/OS
- A History of Hard Choices
- Extracting the Private Key from a TREZOR
- ekoparty Security Conference - 11th edition, video
The resources are collected in various sources such as blog feeds, Twitter and Weibo. Here, I list some of my personally favorite sources.