Blog Posts

• SFDC Secure Development Cheat Sheet
• How I Built An XSS Worm On Atmail
• In the News: A BGP Hijacking Technical Post-Mortem
• An Overview of BGP Hijacking

Slides

• ISC(2) Phoenix - Effectively Operating a Bug Bounty Program [pdf]
• Converge Detroit - Homebrew Censorship Detection by Analysis of BGP Data [pdf]
• CactusCon 2014 - Malware and the Syrian Civil War [pdf]

Vulns

• CVE-2017-11617 - Stored XSS in atmail
• ByREV WP-PICShield - Cross-Site Request Forgery (CSRF)
• cimy-swift-smtp XSS
• Acknowledgement from Duda | Changelog

Media

• Vice Motherboard - A Roundtable of Hackers Dissects 'Mr. Robot'
• The Intercept - Hit App Sarahah Quietly Uploads Your Address Book
• Forbes - Should You Plug That USB Drive Into Your Computer? (Beware Of Malware)
• eSecurity Planet - Google’s New Disclosure Policy: Helpful, or Who Cares?

Projects

• SyrianMalware.com - Malware samples from the conflict in Syria
• SyriaBGP.net - Monitors AS29386, AS29256, and AS24814
• routeviews-py - Python script to record changes in BGP data from routeviews.org
  • deploy-routeviews-py can be used to quickly deploy routeviews-py and output the data to a graph.