资讯类
Zealot Campaign利用NSA工具在Windows和Linux服务器上传播矿工程序
http://securityaffairs.co/wordpress/66829/cyber-crime/zealot-campaign-nsa-exploits.html
星巴克Wifi利用电脑挖矿,免费网络中暗藏消费陷阱
http://www.bbc.com/news/technology-42338754
Uber被指控贿赂、监控、窃取商业机密
https://news.hitb.org/content/uber-accused-espionage-hacking-and-bribery-bombshell-letter
Face ID又出意外:也许你的同事就能解锁你的手机
https://www.hackread.com/chinese-woman-unlocks-colleague-iphonex-using-face-id/
技术类
async_awake:iOS漏洞工具后续
https://github.com/ninjaprawn/async_awake-fun
Zendesk中的XSS利用
https://medium.com/@shinkurt/exploiting-a-tricky-xss-in-zendesk-80bdeaea4dad
爆破玩家的福音——一键爆破所有服务
可穿戴设备之软件攻击硬件
https://www.youtube.com/watch?v=CWXL3tX00aU
华为P8 wkupccpu debugfs内核缓存溢出
https://blogs.securiteam.com/index.php/archives/3580
通过基本多态引擎实现自制x64编码器
将PS脚本隐藏进PNG像素中并用一行指令去执行它
https://github.com/peewpw/Invoke-PSImage
利用位函数和操作符实现Mysql高效盲注
加密货币乱象:混沌的IOTA
http://codesuppository.blogspot.ca/2017/12/iota-tangled-mess.html
OSDFCon 2017 快速应急响应演示文档
http://www.osdfcon.org/presentations/2017/Asif-Matadar_Rapid-Incident-Response.pdf