[ Android ]  Project Walrus - 在 Android 上辅助使用各种卡片克隆设备的应用： https://download.ernw-insight.de/troopers/tr18/slides/TR18_LT_Project-Walrus.pdf

[ APT ]  针对金融机构的 APT 攻击研究，来自 BlackHat Asia 2018： https://www.blackhat.com/docs/asia-18/asia-18-Shen-Jang-Nation-State%20Moneymule%20hunting%20season.pdf

[ Crypto ]  利用 Ethereum 与 Raspberry Pi 创建私有区块链： https://www.rs-online.com/designspark/exploring-ethereum-with-raspberry-pi-part-2-creating-a-private-blockchain

[ Firmware ]  逆向分析 UEFI: https://lightbulbone.com/posts/2018/03/uefi-ninja/

[ Fuzzing ]  使用 WinAFL 来 Fuzz MSXML6 library: https://symeonp.github.io/2017/09/17/fuzzing-winafl.html

[ Linux ]  return-to-csu：一种绕过 64 位 Linux ASLR 的新方法，来自 BlackHat Asia 2018： https://www.blackhat.com/docs/asia-18/asia-18-Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf

[ MalwareAnalysis ]   深入分析伊朗威胁组织 "Chafer" 使用的恶意软件：使用 Autoit 和 PowerShell 进行持久化攻击： http://www.vkremez.com/2018/03/investigating-iranian-threat-group.html

[ Web Security ]  通过 BLIND OOB XXE 获取文件系统访问权限： https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/

[ Web Security ]   SSRF 漏洞的新时代 - 针对 URL 解析器的利用，来自 BlackHat Asia 2018： https://www.blackhat.com/docs/asia-18/asia-18-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages_update_Thursday.pdf

[ Windows ]  调用 msrepl40.dll 的导出函数执行任意一个名为 mstran40.exe 的可执行文件的方法： http://www.hexacorn.com/blog/2018/03/25/running-programs-via-proxy-jumping-on-a-edr-bypass-trampoline-part-6/

[ Windows ]  Windows 注册表审计指南： https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5a00963153450a8779b23489/1509987890282/Windows

[ WirelessSecurity ]  AES 无线键盘的窃听攻击，来自 BlackHat Asia 2018： https://www.blackhat.com/docs/asia-18/asia-18-Kim-AES-Wireless-Keyboard-Template-Attack-for-Eavesdropping.pdf