资讯类
又有三个WordPress插件被发现存在后门
https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/
奥巴马网络安全专员告诉你如何保护网上购物安全
趋势科技发布的勒索软件解密器未遵守GPL协议
Opera浏览器开始启用内部保护程序对抗挖矿脚本
https://cryptovest.com/news/crypto-mining-scripts-latest-opera-version-includes-built-in-protection/
Tastylock Cryptomix勒索软件变种出现
https://www.bleepingcomputer.com/news/security/tastylock-cryptomix-ransomware-variant-released/
技术类
iOS内核漏洞利用探耽求究
https://media.ccc.de/v/34c3-8720-ios_kernel_exploitation_archaeology
iPhone X Home“键”的内在分析
http://blog.zats.io/2017/12/27/iPhone-X-home-button/
2^5位指令集TCP Bind Shell
https://azeria-labs.com/tcp-bind-shell-in-assembly-arm-32-bit/
SaaS中的SSL初探
https://blog.cloudflare.com/introducing-ssl-for-saas/
走向Web开发巅峰之路的经验教训
https://medium.freecodecamp.org/how-to-be-an-uncommonly-good-web-developer-7f745978351f
Cisco iOS 1day利用
https://media.ccc.de/v/34c3-8936-1-day_exploit_development_for_cisco_ios
Wifi Direct Protocol攻击实现
关于C2的设计与思考
http://www.invokethreat.actor/2017/12/thoughts-on-c2-designs-and-tradecraft.html
Steam漏洞利用PoC