This is a collection of youtube video series about building a CPU from scratch, please do enjoy.

http://ezl.ink/O

Beginners introduction to soldering and connecting to serial ports.

TLDR; illustrated guide on identifying and interfacing with the serial pinout exposed on the Linksys WAG54G home router, useful for debugging and exploit dev.

Read up: http://ezl.ink/w

Comprehensive malware research can be a difficult task. Before reversing and constructing the timeline, the reverser needs a significant set of samples of the malware from multiple stages of its development. Finding similar samples can be quite difficult, as comparing files at scale is computationally expensive and often unfruitful. Naturally, having a problem with scale and malware, we brought out the big guns: machine learning.

Read up: http://ezl.ink/t

Well, if by a feather's weight you are interested in game dev, these are some links to munch on as you code and render away.

http://alloyed.github.io/agdg-links/

Sometime back we were arguing, intelligently, with thewormkill about how best one can share credentials using a VCS without fear of compromise. How best to write code that needs credentials , testing it, and still have no fear that you will accidentally push it to a version control system like git.

The discussion led to alot of intelligent points and i will discuss afew major ones i can remember:

When it comes to using passwords and username credentials in a script, like for database connections, RPC, emailing and other stuff, Using and environment variable to store it and then calling it from the script would be better and risk free that you might post it accidentally;
Add this to your .bashrc or look for a windows equivalent:export EvilzoneUsername='kenjoe41'; export EvilzonePassword='S0meon3F4ir198e'Then you can easily call this from a script with no fear:import os
usernm = os.environ.get(' EvilzoneUsername')
password = os.environ.get('EvilzonePassword')
#do w/e you want with you pass hereYou can always set it on a new system you are going to us the script on and you are safe or get it from the commandline then store it in an env var and you are good to go. Heroku uses env var heavily: https://devcenter.heroku.com/articles/config-vars

Next risk about putting them in a script directly was easily getting on to VCS, and with the current GIT monitoring, this can get very detrimental. My google search brought me to this discussion which inspired a very good article here: https://gist.github.com/shadowhand/873637 Now this is all about creating an encrypted git repo, which if you experiment well, you could make a submodule in you repo and have only it encrypted while keeping the other repo parts unencrypted. With this, you work isn't encrypted while on your system but encrypted as specified and pushed to git. Quite convenient to have a submodule with passwords and other sensitive data and uploaded to git. Only someone with the passcode can decrypt it on there systems. Risks here are of the usual attacks on encryption, gets more secure the better you set it up.
Talking of PKI, i think i remember blackhat python having a good demonstration of it. Look at this and its parent script: https://github.com/Eid010n/Python/blob/master/Black-Hat-Python/BHP-Code/Chapter9/ie_exfil.py

Now that git repo encryption was and might be in most cases overkill, so the guy that redid that article wrote a tool that if configured well, you can end up just encrypting one file, folder or whole repo if need be. Check it out: https://github.com/shadowhand/git-encrypt Be sure to read the read me.

NOw when all shit goes to hell, or when you are designing and enterprise development architecture, you might consider password containers like Keepass, Truecrypt and others. Some of them have APIs hence they are heavily scriptable like keepass: http://keepass.info/help/v1_sdk/annotated.html

Now with all that being said, read up and give me your views...

Due to its vulnerability to hacks and exploits, many of the Windows and Linux users describe Windows as a very unsafe operating system. However, one Israeli security organization is claiming to work towards to change the impression of Microsoft’s software that people have in their mind.

The Isreali security organization, Morphisec is presently working on making a Windows version that’s essentially not possible to hack, thus making it the appropriate operating system for military operations, which includes controlling of airlines and missiles.

http://www.techworm.net/2015/08/unhackable-version-of-windows-built-by-israeli-security-company.html

Unlike conventional World Wide Web technologies, the Tor Darknet onion routing technologies give users a real chance to remain anonymous. Many users have jumped at this chance – some did so to protect themselves or out of curiosity, while others developed a false sense of impunity, and saw an opportunity to do clandestine business anonymously: selling banned goods, distributing illegal content, etc. However, further developments, such as the detention of the maker of the Silk Road site, have conclusively demonstrated that these businesses were less anonymous than most assumed.

Intelligence services have not disclosed any technical details of how they detained cybercriminals who created Tor sites to distribute illegal goods; in particular, they are not giving any clues how they identify cybercriminals who act anonymously. This may mean that the implementation of the Tor Darknet contains some vulnerabilities and/or configuration defects that make it possible to unmask any Tor user. In this research, we will present practical examples to demonstrate how Tor users may lose their anonymity and will draw conclusions from those examples.
How are Tor users pinned down?

The history of the Tor Darknet has seen many attempts – theoretical and practical – to identify anonymous users. All of them can be conditionally divided into two groups: attacks on the client’s side (the browser), and attacks on the connection.

Source: https://securelist.com/analysis/publications/70673/uncovering-tor-users-where-anonymity-ends-in-the-darknet/