[ Android ]  How I Hacked BlackHat 2018： https://ninja.style/post/bcard/

[ Android ]  Android 应用逆向系列教程： 1）Part 1: https://www.peerlyst.com/posts/how-to-start-reverse-engineering-on-android-application-ankit-mishra  2)Part 2： https://www.peerlyst.com/posts/how-to-start-reverse-engineering-on-android-application-part-2-ankit-mishra  3)Part 3: https://www.peerlyst.com/posts/how-to-start-reverse-engineering-on-android-application-part-3-ankit-mishra  4)Part 4: https://www.peerlyst.com/posts/how-to-start-reverse-engineering-on-android-application-part-4-ankit-mishra

[ Browser ]  JSC漏洞（CVE-2018-4262）的Exploit: https://github.com/wzw19890321/Exploits/tree/master/CVE-2018-4262

[ Browser ]  在浏览器中使用 WebAssembly 模拟运行 Windows 2000： https://twitter.com/i/web/status/1031898581848875008

[ Industry News ]  现在 Hybrid Analysis 提供免费和即时的 YARA 和二进制模式搜索规则来扫描 PB 量级的恶意软件: http://hybrid-analysis.blogspot.com/2018/08/crowdstrike-donates-falcon-malquery-for.html

[ IoTDevice ]  Wemo Insight 智能插座存在缓冲区溢出漏洞可导致远程代码执行，并可任意控制网络内的智能电视: https://securingtomorrow.mcafee.com/mcafee-labs/insight-into-home-automation-reveals-vulnerability-in-simple-iot-product/

[ Language ]  .NET Runtime 中的监视和观察： http://mattwarren.org/2018/08/21/Monitoring-and-Observability-in-the-.NET-Runtime/

[ Linux ]  Kali Linux 2018.3 更新内容概览： https://www.kitploit.com/2018/08/kali-linux-20183-release-penetration.html

[ Malware ]  使用 Radare2 模拟解密函数： http://www.mien.in/2018/08/14/emulating-decryption-function-with-radare2/

[ MalwareAnalysis ]  针对 Ryuk 勒索软件的分析调查： https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

[ MalwareAnalysis ]  新的钓鱼邮件活动使用包含恶意 URL 的 Microsoft Office Publisher 文件传播FlawedAmmyy 木马： https://threatpost.com/unique-malspam-campaign-uses-ms-publisher-to-drop-a-rat-on-banks/136656/

[ MalwareAnalysis ]  针对韩国组织的供应链攻击分析调查： https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations/

[ OpenSourceProject ]  OpenSSH 用户枚举漏洞 (CVE-2018-15473)分析： https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/

[ Popular Software ]  通过伪造过伪造 Popuplink.js 插件重定插件重定向到诈骗站点： https://blog.sucuri.net/2018/08/fake-plugins-with-popuplink-js-redirect-to-scam-sites.html

[ Protocol ]  理解和描绘 DNS 解析路径的拦截： https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_liu.pdf

[ Side Channel ]  使用电磁辐射侧信道攻击最新 OpenSSL 的定长时间的 RSA，还原公私钥: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-alam.pdf

[ Tools ]  可以用来对比任何 Windows 版本的 NTDLL/NTOSKRNL/HAL 结构和函数列表的工具: https://twitter.com/i/web/status/1031674191811170306

[ Tools ]  Pacu - 一款 AWS 渗透测试框架: https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/

[ Tools ]  kemon - 用于 macOS 内核监控的开源回调框架： https://github.com/didi/kemon

[ Tools ]  WAF_buster - 通过滥用 SSL/TLS 加密算法来打破 WAF 防御: https://github.com/viperbluff/WAF_buster

[ Virtualization ]  Hypervisor 从头开始 - Part 1：基本概念和配置测试环境： https://rayanfam.com/topics/hypervisor-from-scratch-part-1/

[ Vulnerability ]  Ghostscript 包含多个-dSAFER沙箱绕过漏洞，可允许未经身份验证的远程攻击者在系统上执行任意命令： https://www.kb.cert.org/vuls/id/332928

[ Web Security ]  用来从 Online Password Manager/Vault 窃取密码的 XSS 漏洞： https://gist.github.com/shawarkhanethicalhacker/e40a7c3956fdd24b9fb63d03d94c3d34

[ Windows ]  Windows Standard Collector Service 的特权提升漏洞( CVE-2018-0952): https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service

[ WirelessSecurity ]  SMS Hacking：  https://cyberloginit.com//2017/07/20/sms-hacking.html