[ Android ]  Android Studio 2.3 Canary 2 is now available. Read all about the changes here: https://goo.gl/hpg3ja

[ Browser ]  New Firefox/Tor Browser 0-day vulnerability discovered in the wild (being exploited against Tor users). https://t.co/e1Yi65Ysbf

[ Browser ]  #DailyBug Google #Chrome Accessibility blink::Node corruption details http://blog.skylined.nl/20161129001.html

[ Debug ]  Introducing Fldbg, a Pykd script to debug FlashPlayer - http://offs.ec/2fMXgVT

[ Detect ]  Detecting crypto ransomware based on HTTP traffic characteristics (Cryptowall & Locky tested) https://arxiv.org/pdf/1611.08294v1.pdf (by @ wmazurczyk)

[ Hardware ]  Intel GPU (micro)architecture summary & some detail https://software.intel.com/sites/default/files/managed/89/92/Intel-Graphics-Architecture-ISA-and-microarchitecture.pdf from slide 23 and on; h/t @ TheKanter

[ IoTDevice ]  PoC (works in qemu only) of RCE affecting 35+ IoT cameras from 7+ vendors. 32+ of those pwned by 1 GET request. https://t.co/BB8flkksTN

[ MalwareAnalysis ]  Cerber Spam: Tor All the Things! http://blog.talosintel.com/2016/11/cerber-spam-tor.html

[ Others ]  Our SafeStack from the Code Pointer Integrity paper at OSDI'14 is now used in HardenedBSD. Go harden all the things! https://t.co/jnB6QZm5U1

[ Others ]  Great documentation on configuring/auditing Windows 10 Virtualization-based Security (VBS) settings. https://technet.microsoft.com/en-us/itpro/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security

[ Others ]  Project Zero blog: "Breaking the Chain" by @ tiraniddo - https://goo.gl/LFt4pz

[ Others ]  Our Threats Predictions report is out now. Read our forecast on 2017 threats and attack vectors:… https://twitter.com/i/web/status/803474852820746240

[ Others ]  Can naive assembly beat a modern C++ compiler? Beating The Compiler - http://www.codersnotes.com/notes/beating-the-compiler/

[ Pentest ]  My PowerShell Obfuscation talk from @ hacktivityconf is now up: https://www.youtube.com/watch?v=uE8IAxM_BhE

[ Protocol ]  The TR-069 Exploit: https://terrorbyte.org/tr069-request.txt Payload: https://terrorbyte.org/Telekom-Payload

[ Tools ]  CyberChef (The Cyber Swiss Army Knife) : a web app for encryption, encoding, compression and data analysis : https://github.com/gchq/CyberChef

[ Tools ]  Automated WiFi time / data limit evasion using WPAD : https://github.com/violentshell/Rollmac

[ Tools ]  NEW Update for #xAnalyzer plugin for #x64dbg..automatic loops detection and generic arguments added...more at: https://t.co/G71OIi0c2X

[ Tools ]  PANDA 2.0 is live – now based on latest version of QEMU! http://mailman.mit.edu/pipermail/panda-users/2016-November/000535.html

[ Tools ]  Understand binary parsing using @kaitai_io WebIDE on a new avatao learning path from @koczkatamas. Thank you!… https://t.co/TRd5APB4ku

[ Vulnerability ]  WinPower V4.9.0.4 Privilege Escalation http://security.szurek.pl/winpower-v4904-privilege-escalation.html #exploit #0day

[ Vulnerability ]  An update on MD5 poisoning : https://blog.silentsignal.eu/2016/11/28/an-update-on-md5-poisoning/

[ Windows ]  Taking your first steps into 64-bit Windows exploitation? Check out our paper on porting MS08-067 to 64-bit systems https://labs.mwrinfosecurity.com/publications/hello-ms08-067-my-old-friend/

[ Windows ]  SHIFT-F10 during Windows Update pops CMD and bypasses Bitlocker http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html