[ Attack ]  #papertweet for #ccs16: "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR" https://gruss.cc/files/prefetch.pdf

[ Browser ]  CSP Evaluator and CSP Mitigator available for web app developers https://threatpost.com/new-google-tools-help-devs-improve-content-security-policy-protection/120894/ via @ threatpost

[ Browser ]  Introducing Windows Defender Application Guard for Microsoft Edge https://blogs.windows.com/msedgedev/2016/09/27/application-guard-microsoft-edge/ https://t.co/3XG4nOf9u6

[ Browser ]  IE/Edge Workers SOP bypass using leaked script errors thanks to base href or importScripts) http://www.brokenbrowser.com/workers-sop-bypass-importscripts-and-basehref/ https://t.co/1kse7COZvJ

[ Browser ]  ZDI-16-527: Apple Safari HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-527/

[ Hardware ]  Code signing check is now in place to protect critical firmware of Tesla vehicles https://twitter.com/a_greenberg/status/780762975137361920

[ iOS ]  Local privilege escalation for OS X 10.11.6 via PEGASUS Write up: https://jaq.alibaba.com/community/art/show?articleid=532 Exp:… https://t.co/r56jxZ99Im

[ Linux ]  Linux Kernel 4.6.3 Netfilter Privilege Escalation https://packetstormsecurity.com/files/138854/netfilter_priv_esc.rb.txt

[ Linux ]  My notes on Linux kernel security things continues with v4.5: https://outflux.net/blog/archives/2016/09/27/security-things-in-linux-v4-4/

[ MachineLearning ]  Defeating n-gram Scores for HTTP Attack Detection http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1489&context=etd_projects

[ Malware ]  Threat Spotlight: GozNym http://blog.talosintel.com/2016/09/goznym.html

[ Operating System ]  #Include os - From bootloader to REST API with the new C++ - http://www.slideshare.net/IncludeOS/include-ltos-from-bootloader-to-rest-api-with-the-new-c

[ Others ]  Introducing osquery for Windows - https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/ - https://www.facebook.com/notes/protect-the-graph/introducing-osquery-for-windows/1775110322729111 nice job @ osquery @ trailofbits

[ Others ]  RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps http://softsec.kaist.ac.kr/~sangkilc/papers/cui-icse16.pdf https://t.co/SJZJKhpX2G

[ Others ]  Adobe Flash local-with-filesystem sandbox bypass: end of the love story between Flash and local files http://lab.truel.it/flash-sandbox-bypass/

[ Others ]  malware-jail Sandbox for semi-automatic Javascript malware analysis, deobfuscation & payload extraction https://t.co/udWR2NWMnz

[ Others ]  Great resource #javadeser Java deserialization portal by @ antyurin via @ Dinosn https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet [see also… https://t.co/7ObRsANiPb

[ Tools ]  dripcap Caffeinated packet analyzer https://dripcap.org/ https://t.co/KAAJX3xhrU

[ Windows ]  Microsoft removed Windows Journal from its OSs due to security flaws http://securityaffairs.co/wordpress/51678/hacking/windows-journal-removal.html

[ Windows ]  I am interested in sample code http://PackageNonOfficeFiles.zip published by @ jones206 in https://blogs.msdn.microsoft.com/brian_jones/2009/07/21/embedding-any-file-type-like-pdf-in-an-open-xml-file/ Link is dead. Anyone can help?