[ Backdoor ]  UEFI Bootkits 开发（Video），来自 OffensiveCon 2018： https://www.youtube.com/watch?v=dpG97TBR3Ys

[ Challenges ]  Reverse Engineering challenges： https://challenges.re/

[ Crypto ]  以太坊 ERC20 智能合约出现 proxyOverflow 漏洞(CVE-2018-10376)： https://www.peckshield.com/2018/04/25/proxyOverflow/batchOverflow 漏洞 (CVE-2018–10299)： https://medium.com/@ranimes/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536OKEx 宣布暂停 ERC-20 提现   ： https://support.okex.com/hc/en-us/articles/360003019292

[ Crypto ]  Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks: https://paragonie.com/blog/2018/04/protecting-rsa-based-protocols-against-adaptive-chosen-ciphertext-attacks

[ Data Breach ]  Bezop 加密货币的服务器因 MongoDB 配置不当泄漏了 25K 投资者私人资料： https://threatpost.com/bezop-cryptocurrency-server-spills-25k-in-private-investor-promoter-data/131417/

[ Exploit ]  漏洞利用开发中的自动化堆布局： https://arxiv.org/pdf/1804.08470.pdf

[ Fuzzing ]  Fuzzing Adobe Reader 寻找可利用的漏洞： https://kciredor.com/fuzzing-adobe-reader-for-exploitable-vulns-fun-not-profit.html

[ IoTDevice ]  物联网安全威胁建模,来自 Microsoft Azure blog： https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-security-architecture

[ MalwareAnalysis ]   McAfee 对信息窃取活动 Operation GhostSecret 的分析： https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide

[ Network ]   Amazon Route53 DNS 服务 BGP 劫持事件详情: https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/

[ Popular Software ]  TrustPort Management 未授权远程代码执行漏洞披露： https://blogs.securiteam.com/index.php/archives/3685

[ Popular Software ]  Drupal 发布高危漏洞补丁（CVE-2018-7602）: https://www.drupal.org/sa-core-2018-004

[ Side Channel ]  BranchScope - 定向分支预测器的新型侧信道攻击(Paper)：  http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf 

[ Tools ]  WHP - 攻击 Windows 环境的工具包: https://github.com/51x/WHP

[ Tools ]  PortWitness - 自动收集子域名并扫描其端口检测子域名状态的工具： https://github.com/viperbluff/PortWitness

[ Tools ]   mercuryiss-kali：Kali Linux Docker 容器: https://github.com/ac-mercury/mercuryiss-kali

[ Tools ]  eternal_check - NSA 泄漏的 Eternal 系列漏洞的检测工具: https://github.com/peterpt/eternal_check

[ Tools ]  使用 Polymorph 框架搭建用于 MQTT 协议的简单代理模糊测试框架： https://www.exploit-db.com/docs/english/44506-building-a-proxy-fuzzer-for-mqtt-with-polymorph-framework.pdf

[ Tools ]  用于 SSRF 测试的云主机 Metadata 地址收集: https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b

[ Tools ]  Microsoft Edge DevTools Preview app 发布： https://blogs.windows.com/msedgedev/2018/04/25/introducing-the-microsoft-edge-devtools-preview-app/

[ Vulnerability ]  西部数码 My Cloud EX2 NAS 设备存在文件泄漏漏洞: https://threatpost.com/western-digital-my-cloud-ex2-nas-device-leaks-files/131447/