[ Crypto ]  RSA 签名故障分析： https://blog.trailofbits.com/2018/08/14/fault-analysis-on-rsa-signing/

[ Language ]  在 Python 中编写和修复易受攻击的 XML 解析代码： https://laconicwolf.com/2018/08/13/writing-and-fixing-vulnerable-xml-parsing-code-in-python/

[ MalwareAnalysis ]   Red Eyes 黑客组织的详细分析报告： https://global.ahnlab.com/global/upload/download/techreport/[AhnLab]%20Red_Eyes_Hacking_Group_Report%20(1).pdf

[ Mobile ]  TrustKit SSL pinning 绕过研究: https://kov4l3nko.github.io/blog/2018-08-14-trustkit-bypass/

[ Others ]   检测 AWS 环境下的用户权限提升方法的脚本 aws_escalate.py 发布： https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws_escalate.py

[ Pentest ]  通过 APACHE ACCESS LOG 来利用 LFI 漏洞: https://roguecod3r.wordpress.com/2014/03/17/lfi-to-shell-exploiting-apache-access-log/

[ Pentest ]  如何使 Empire 躲避基于异常流量的 NIDS 检测： https://utkusen.com/blog/bypassing-anomaly-based-nids-with-empire.html

[ Pentest ]  DNS C2 Part 3：使用 DNS： https://lo-sec.ninja/red%20team/pentest/c2/dns/2018/08/12/dnscat2-part3-dissect-dns-comms.html    Part 2: https://lo-sec.ninja/red%20team/pentest/c2/dns/2018/07/18/dnscat2-part2-setting-dnscat2-use.html   Part 1： https://lo-sec.ninja/red%20team/pentest/c2/dns/2018/07/17/dnscat2-part1-setting-up-dns-in-namecheap.html

[ Pentest ]  Windows 凭据钓鱼: https://blog.fox-it.com/2018/08/14/phishing-ask-and-ye-shall-receive/

[ Popular Software ]  语音邮件破坏：在MICROSOFT EXCHANGE SERVER上获取远程代码执行(CVE-2018-8302) ： https://www.zerodayinitiative.com/blog/2018/8/14/voicemail-vandalism-getting-remote-code-execution-on-microsoft-exchange-server

[ Popular Software ]  Oracle GlassFish Server 开源 4.1 版 - 路径遍历漏洞 Metasploit 利用模块(CVE-2017-1000028) : https://www.exploit-db.com/exploits/45196/

[ Processor ]  Intel L1 Terminal Fault (L1TF) 系列漏洞是推测执行导致的侧信道攻击，可以泄漏受保护的数据。以下文章包括漏洞细节及相关的缓解措施 https://foreshadowattack.eu/Intel: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault； https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.htmlGoogle： https://cloud.google.com/blog/products/gcp/protecting-against-the-new-l1tf-speculative-vulnerabilities；Microsoft： https://blogs.technet.microsoft.com/virtualization/2018/08/14/hyper-v-hyperclearRedhat： https://access.redhat.com/security/vulnerabilities/L1TF

[ SecurityAdvisory ]   Intel 发布安全公告，包括三个新推测执行 CPU 漏洞: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

[ SecurityAdvisory ]  Microsoft 发布 8 月安全公告: https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments

[ SecurityAdvisory ]  Adobe 发布 8 月安全公告，本次共修复 11 个漏洞，其中包含两个严重（Critical）漏洞： https://helpx.adobe.com/security.html   https://threatpost.com/adobe-patch-tuesday-release-fixes-critical-acrobat-and-reader-flaws/135058/

[ SecurityProduct ]  Palo Alto 防火墙 SSL/TLS 拦截的白名单列表分享： https://twitter.com/i/web/status/1028352671147732992

[ Tools ]  BrokenType - 帮助 j00ru 在 Windows 内核和用户模式的 Uniscribe 库中找到 39 个字体漏洞的 Fuzzing 工具集： https://github.com/google/BrokenType

[ Tools ]  2018 BlackHat 工具列表： https://github.com/1522402210/2018-BlackHat-Tools-List

[ Tools ]  Microsoft 安全公告的 Excel 列表，包含 KB 编号： https://twitter.com/i/web/status/1029371051392868352

[ Vulnerability ]  通过破解语音邮件系统来破坏在线帐户: https://www.martinvigo.com/voicemailcracker/

[ Windows ]  Windows 利用技巧：利用任意对象目录创造本地特权提升，来自 Project Zero blog： https://googleprojectzero.blogspot.com/2018/08/windows-exploitation-tricks-exploiting.html