[ Browser ]   Chrome 插件 "Steam Inventory Helper" DOM XSS 漏洞与点击劫持漏洞详：  https://thehackerblog.com/steam-fire-and-paste-a-story-of-uxss-via-dom-xss-clickjacking-in-steam-inventory-helper/index.html

[ Crypto ]  通过示波器提取 TREZOR Bitcoin 硬件钱包的私钥： https://blog.adafruit.com/2018/06/07/extracting-the-private-key-from-a-trezor-bitcoin-wallet-with-a-70-oscilloscope/

[ Exploit ]  YARA 规则的二进制格式探索与漏洞挖掘利用(CVE-2018-12034 & CVE-2018-12035)： https://bnbdr.github.io/posts/swisscheese/

[ Hardware ]  Supermicro 系统中的固件漏洞分析： https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/

[ MalwareAnalysis ]  BlackTech 使用的 PLEAD Downloader 分析： https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html

[ MalwareAnalysis ]   TrendLabs 发现大量垃圾邮件以税收为主题向北美纳税人分销 URSNIF 银行木马： https://blog.trendmicro.com/trendlabs-security-intelligence/post-tax-season-spam-campaign-delivers-ursnif-to-north-american-taxpayers/

[ Pentest ]  使用 msdt.exe 绕过 UAC 的技巧： https://gist.github.com/homjxi0e/3f130f2ecb270e705afdd5d2955e8b7dVideo: https://www.youtube.com/watch?v=7OSbfqUIQBo

[ ReverseEngineering ]  基于 VM 的 crackme 研讨(paper): https://opctf.opcde.com/opcde_sol_halsten.pdf

[ Sandbox ]  沙盒研究 Part 17：如何点击样本的"同意"按钮： http://www.hexacorn.com/blog/2018/06/08/enter-sandbox-part-17-the-clique-of-clickers/

[ SecurityProduct ]  TrendMicro OfficeScan XG 11.0 防御未授权修改的功能被绕过(CVE-2018-10507): https://www.exploit-db.com/exploits/44858/

[ Tools ]  AutoSQLi - 自动化 SQL 注入工具：  https://github.com/jesuiscamille/AutoSQLi

[ Tools ]  PDFiD - 防御 PDF 盗窃 NTLM 凭证的工具： https://blog.didierstevens.com/2018/05/31/pdfid-gotoe-and-gotor-detection-ntlm-credential-theft/

[ Tools ]  sslmerge - 构建完整 SSL 证书链的工具： https://github.com/trimstray/sslmerge

[ Vulnerability ]  ALC WebCTRL XML 外部实体注入漏洞披露(CVE-2018-8819)： http://seclists.org/fulldisclosure/2018/Jun/21

[ Windows ]  Microsoft 发布《深入解析 Windows 操作系统 》第 7 版，Part 1 的 Errata and updates： https://twitter.com/i/web/status/1004449479859335168