[ Hardware ]    Retpoline - Intel 用于缓解 CPU 幽灵 Spectre 变种 2 分支目标注入攻击（Branch Target Injection）的措施： https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf

[ Industry News ]  据 Imperva 调查发现，多达90%的远程代码执行漏洞被利用于加密货币挖矿： https://www.imperva.com/blog/2018/02/new-research-crypto-mining-drives-almost-90-remote-code-execution-attacks/

[ iOS ]  Breaking into iOS 11：  https://blog.elcomsoft.com/2018/02/breaking-into-ios-11/

[ Linux ]   Linux ASLR and GNU Libc：地址空间布局的计算与 "Stack Canary" 的 Bypass： https://github.com/blackzert/aslur/raw/master/offensivecon-talk.pdf

[ Linux ]  Linux 提权指南： https://payatu.com/guide-linux-privilege-escalation/

[ MalwareAnalysis ]  针对最新版 Elise 恶意软件的分析：  https://www.joesecurity.org/blog/8409877569366580427

[ MalwareAnalysis ]  针对 Brazilian Banker 恶意软件的分析：  https://isc.sans.edu/diary/23359

[ Others ]  Sponge-Based Control-Flow Protection for IoT Devices（paper）：  https://arxiv.org/pdf/1802.06691.pdf

[ Pentest ]   通过劫持 COM 对象实现横向渗透：  https://homjxi0e.wordpress.com/2018/02/19/hijacking-com-for-execute-lateral-movement-in-mode-explorer/

[ Popular Software ]    utorrent 被发现多个 JSON-RPC 相关的 RCE、信息泄露漏洞：  https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 

[ Tools ]  WebEye-自动化恶意 HTTP 流量收集 (Paper)：  https://arxiv.org/pdf/1802.06012.pdf

[ Tools ]   DVHMA - 一套 Android 漏洞学习、实战环境： https://github.com/logicalhacking/DVHMA 

[ Tools ]   gitleaks - 从整个 git 仓库的历史中搜寻敏感数据的工具： https://github.com/zricethezav/gitleaks

[ Tools ]  IDAPythonEmbeddedToolkit - 用于自动化分析嵌入式设备固件的 IDAPython 脚本： https://github.com/maddiestone/IDAPythonEmbeddedToolkit

[ Web Security ]   CSS-Keylogging - 巧妙利用 CSS Selector，通过 CSS 偷用户输入的密码：  https://github.com/maxchehab/CSS-Keylogging 

[ Windows ]   利用空字符 Bypass Windows 10 的 AMSI 反病毒扫描接口，执行恶意 PowerShell 脚本。该漏洞本月补丁中已经被修复：  http://standa-note.blogspot.com/2018/02/amsi-bypass-with-null-character.html

[ Windows ]   基于 "Microsoft.VisualBasic.Interaction" 实现 PowerShell Assembly 字节码反射式代码执行：  https://twitter.com/i/web/status/965670898379476993

[ WirelessSecurity ]  BLE 4.0 通信的逆向与利用：  https://payatu.com/reversing-exploiting-ble-4-0-communication/