[ Android ]    Android 内核非常见 UAF 漏洞的利用，来自科恩实验室申迪(Retme)在 PacSec 2017 会议的演讲：  https://speakerdeck.com/retme7/the-art-of-exploiting-unconventional-use-after-free-bugs-in-android-kernel 

[ Debug ]    基于 Hypervisor 的高效远程调试技术，来自 AVTokyo 会议：  https://speakerdeck.com/rkx1209/more-efficient-remote-debugging-with-thin-hypervisor  

[ Linux ]   Linux系统上存在基础认证的 x86_64 TCP bind shellcode： https://pentesterslife.blog/2017/11/01/x86_64-tcp-bind-shellcode-with-basic-authentication-on-linux-systems/

[ Pentest ]   渗透测试工程师的子域名收集指南： https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6

[ Popular Software ]   CrowdStrike 对 CCleaner 后门 Shellcode Stage 2 Payload 的深度分析：  https://www.crowdstrike.com/blog/in-depth-analysis-of-the-ccleaner-backdoor-stage-2-dropper-and-its-payload/ 

[ Tools ]   .NET Native Code hook 技术及相应的工具：  https://github.com/tandasat/DotNetHooking 

[ Vulnerability ]  wget HTTP 整型溢出漏洞（CVE-2017-13089）： https://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/

[ Vulnerability ]  思科ASA系列第8部分：IKEv1 上的 CVE-2016-1287 堆溢出利用： https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/cisco-asa-series-part-eight-exploiting-the-cve-2016-1287-heap-overflow-over-ikev1/