[ Android ]  Interesting new details and great analysis on Google's SafetyNet attestation by @ ikoz: http://koz.io/inside-safetynet-3/

[ Android ]  New Reliable Android Kernel Root Exploitation Techniques - http://powerofcommunity.net/poc2016/x82.pdf

[ Attack ]  BlackNurse attack PoC https://github.com/jedisct1/blacknurse

[ Browser ]  Bypassing Mixed Content Warnings – Loading Insecure Content in Secure Pages https://www.brokenbrowser.com/loading-insecure-content-in-secure-pages/

[ Browser ]  [0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads: https://goo.gl/3FOMdC

[ Browser ]  Microsoft Edge edgehtml CAttr­Array::Destroy use-after-free details https://goo.gl/fb/QhTEX1 #FullDisclosure

[ Cloud ]  Announcing GPUs for Google Cloud Platform https://cloudplatform.googleblog.com/2016/11/announcing-GPUs-for-Google-Cloud-Platform.html?m=1

[ iOS ]  Video from DEF CON 24 - A Journey Through Exploit Mitigation Techniques in iOS now available here - https://www.youtube.com/watch?v=Gu4UJR9nZqM

[ Linux ]  [local] - Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit) https://www.exploit-db.com/exploits/40759/

[ Linux ]  #Cryptsetup vulnerability grants root shell access on some #Linux systems - http://bit.ly/2fdTP83 via last week's… https://twitter.com/i/web/status/798644999030120448

[ MachineLearning ]  Minimal and clean #Python implementations of #MachineLearning algorithms. #DataScience https://github.com/rushter/MLAlgorithms https://t.co/9RGfZOnZKL

[ Malware ]  #Carbanak attacks shift to #hospitality sector - http://bit.ly/2fe95Sr

[ MalwareAnalysis ]  Crysis ransomware masterkeys published http://pastebin.com/x1NydTHZ

[ Others ]  So cool! Concurrent CertiKOS is 6500 lines of C/x86 and fully verified in Coq. Paper, by @zshao5 and crew: https://t.co/W0T1uZaUJJ

[ Others ]  @ Agarri_FR @ binitamshah You can also check the filter bypasses of @ commixproject https://github.com/commixproject/commix/wiki/Filters-Bypasses

[ Others ]  Exploit kits exposed: #Unit42's report on the ecosystem behind these attacks and how to prevent them http://oak.ctx.ly/r/58nv3

[ Others ]  Reversing & Decrypting Database Credentials using Damn Vulnerable Thick Client App (Part 1 - 10) : http://resources.infosecinstitute.com/practical-thick-client-application-penetration-testing-using-damn-vulnerable-thick-client-app-part-1/#article cc @ InfosecEdu

[ Tools ]  @ subTee Very interesting :)Execute shellcode from XSLT file.Just combine your two codes:https://github.com/3gstudent/Execute-CSharp-From-XSLT-TEST/

[ Virtualization ]  QEMU+KVM & XEN Pwn: virtual machine escape from “Dark Portal” - http://powerofcommunity.net/poc2016/wei.pdf

[ Vulnerability ]  Crashing Stacks Without Squishing Bugs: Advanced Vulnerability Analysis http://blogs.cisco.com/security/talos/crashing-stacks-without-squishing-bugs-advanced-vulnerability-analysis

[ Windows ]  Windows Kernel Registry Hive loading: out-of-bounds read in nt!RtlEqualSid https://bugs.chromium.org/p/project-zero/issues/detail?id=874

[ Windows ]  These are some neat #PoC16 slides from @ brian_pak on effective patch analysis for Microsoft updates!… https://twitter.com/i/web/status/798517394222223360

[ Windows ]  #PacSec decks are up! Go check @j00ru's crazy 150 slides on Windows Metafiles and the EMF attack surface...… https://t.co/QWMJiJ7PKc

[ Windows ]  LSASS SMB NTLM Exchange Remote Memory Corruption https://cxsecurity.com/issue/WLB-2016110128