[ Browser ]  #DailyBug CVE-2015-1251 #Chrome blink SpeechRecognitionController use-after-free http://blog.skylined.nl/20161123001.html

[ Debug ]  Effective Performance Analysis and Debugging http://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1687&context=dissertations_2

[ macOS ]  A practical guide to securing macOS (macOS-Security-and-Privacy-Guide) : https://github.com/drduh/macOS-Security-and-Privacy-Guide

[ Malware ]  #InPage #0day used in attacks against banks - http://bit.ly/2f6lCLA

[ MalwareAnalysis ]  TeleCrypt – the ransomware abusing Telegram API – defeated! https://blog.malwarebytes.com/threat-analysis/2016/11/telecrypt-the-ransomware-abusing-telegram-api-defeated/

[ Mobile ]  ITU published the 2016 edition of their list of E.212 Mobile Network Codes (MNC) http://www.itu.int/pub/T-SP-E.212B-2016

[ Others ]  We integrated @ QubesOS Split GPG server in the USB armory, documentation available here: https://github.com/inversepath/usbarmory/blob/master/software/buildroot/README-Qubes_Split_GPG.md https://t.co/tLK8ZegrTN

[ Others ]  My slides from @ kiwicon on GPS spoofing, time manipulation & bypassing TOTP are up. https://zxsecurity.co.nz/presentations/201611_Kiwicon-ZXSecurity_GPSSpoofing_LetsDoTheTimewarpAgain.pdf (always happy to talk) #kiwicon

[ Others ]  Slides "Excite project: All the truth about Symbolic Execution for BIOS security" #ZeroNights Kudos to Ilia Safonov! https://github.com/REhints/Publications/blob/master/Conferences/ZeroNights_2016/Excite_Project_ZN.pdf

[ Pentest ]  MAPI over HTTP and Mailrule Pwnage - https://sensepost.com/blog/2016/mapi-over-http-and-mailrule-pwnage/

[ Pentest ]  Here is our pentest & code audit report on cURL: https://cure53.de/pentest-report_curl.pdf Thanks to all involved, more info here: https://t.co/6bewduD3xD

[ Popular Software ]  Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin https://goo.gl/fb/QNPhIx #FullDisclosure

[ Protocol ]  Analysis of #OpenSSL ChaCha20-Poly1305 Heap Buffer #Overflow (CVE-2016-7054) http://blog.fortinet.com/2016/11/23/analysis-of-openssl-chacha20-poly1305-heap-buffer-overflow-cve-2016-7054 #Fortinet

[ Tools ]  KASLRfinder released! Find Win10 kernel/driver addresses by timing TSX ops on Skylake CPUs. https://github.com/ufrisk/kaslrfinder

[ Tools ]  NCC Group Tool Release: DriverBuddy an IDAPython plugin that helps automate reveng of Windows kernel drivers - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/november/driverbuddy-tool-release/

[ Tools ]  Brutal - Toolkit to quickly create various Payload, PowerShell Attack, Virus Attack and Launch Listener for a HID http://www.kitploit.com/2016/11/brutal-toolkit-to-quickly-create.html