Powershell Payload Delivery via DNS using Invoke-PowerCloud - Red Teaming Experiments
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud

A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts – TechCrunch
https://techcrunch.com/2019/01/17/wordpress-plugin-leaked-twitter-account-access-tokens/

How to Find Hidden Cameras and Spy Bugs (The Professional Way) - Sentel Tech Security
https://www.senteltechsecurity.com/blog/post/how-to-find-hidden-cameras/

GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
https://github.com/kgretzky/evilginx2

How to write a rootkit without really trying | Trail of Bits Blog
https://blog.trailofbits.com/2019/01/17/how-to-write-a-rootkit-without-really-trying/

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE – Embedi
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/

GhostProject
https://ghostproject.fr/

DarkHydrus APT Uses Google Drive to Send Commands to RogueRobin Trojan
https://www.bleepingcomputer.com/news/security/darkhydrus-apt-uses-google-drive-to-send-commands-to-roguerobin-trojan/

Get Reverse-shell via Windows one-liner
https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/

HOW A 8 LINES OF CODE CAN STEAL YOUR MONEY ! – Vjk – Medium
https://medium.com/@vjkhere/how-a-8-lines-of-code-can-steal-your-money-6eea463eae19

An intro to pentesting an Android phone – Thao N. Vo – Medium
https://medium.com/@tnvo/an-intro-to-pentesting-an-android-phone-464ec4860f39

Bypass EDR’s memory protection, introduction to hooking
https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6

How to get started with Malware Analysis and Reverse Engineering - 0ffset
https://0ffset.net/miscellaneous/how-to-get-started-with-malware-analysis/

GitHub - trimstray/technical-whitepapers: Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.
https://github.com/trimstray/technical-whitepapers

Top 10 Exploit Databases for Finding Vulnerabilities « Null Byte :: WonderHowTo
https://null-byte.wonderhowto.com/how-to/top-10-exploit-databases-for-finding-vulnerabilities-0189314/

Linux Privilege Escalation – Using apt-get/apt/dpkg to abuse sudo “NOPASSWD” misconfiguration – Logan S Diomedi – lsdsecurity
https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/

Black Energy – Analysis – Marcus Edmondson | Malware Analysis | Security Analytics
https://marcusedmondson.com/2019/01/18/black-energy-analysis/

Quick demo of the new Javascript injection feature, coming in Evilginx 2.3 - pre-filling the target's email address on Google's sign-in page, during a phishing attack. 2FA bypassed and Google account page fully working, through proxy, after successful authentication. https://t.co/iqAzRpruDd

inputzero: Fuzzing HTTP Server (PDF.js) | Dhiraj Mishra
https://www.inputzero.io/2019/01/fuzzing-http-servers.html

A More Advanced Recon Automation #1 (Subdomains) – 003Random’s Blog
https://poc-server.com/blog/2019/01/18/advanced-recon-subdomains/

An inside look at nation-state cyber surveillance programs
https://blog.lookout.com/shmoocon-2019#.XEeMfNwW1y8.twitter