[ Browser ]  从 Assembly 到 JavaScript：主要介绍 Javascript JIT 及各个平台下的 JIT Spray 的技巧: https://gsec.hitb.org/materials/sg2018/D1%20-%20Turning%20Memory%20Errors%20into%20Code%20Execution%20with%20Client-Side%20Compilers%20-%20Robert%20Gawlik.pdf

[ Crypto ]  Google 发布 Tink 加密软件库：  https://security.googleblog.com/2018/08/introducing-tink-cryptographic-software.html 

[ MalwareAnalysis ]  逆向分析自定义格式加载的恶意软件：Hidden Bee : https://blog.malwarebytes.com/threat-analysis/2018/08/reversing-malware-in-a-custom-format-hidden-bee-elements/

[ Mobile ]  LTE 移动网络自动化漏洞利用：  https://gsec.hitb.org/materials/sg2018/D1%20-%20Exploiting%20Automation%20in%20LTE%20Mobile%20Networks%20-%20Altaf%20Shaik%20&;%20Ravishankar%20Borgaonkar.pdf

[ Others ]  FILE Structures - Another Binary Exploitation Technique ，作者通过漏洞的方式修改 FILE 结构体的一些字段实现漏洞利用，提出了一个新的概念FSOP（FILE Structure Orientd Programming）： https://gsec.hitb.org/materials/sg2018/D1%20-%20FILE%20Structures%20-%20Another%20Binary%20Exploitation%20Technique%20-%20An-Jie%20Yang.pdf

[ Pentest ]   渗透测试命令列表:  https://gist.github.com/caseysmithrc/d48e43770ab4ee161b1a806da8ccf390

[ Pentest ]  通过 SSL 加密通信进行横向渗透的 LAME 技术: https://dotelite.gr/the-lame-technique/

[ Popular Software ]  通过组合使用 COM 对象和 VBA typelib 功能，可以在宏的环境中执行任意 Jscript .Net： https://twitter.com/PhilipTsukerman/status/1035157960308211712

[ Popular Software ]  ZipArchive 2.1.4 目录遍历 0day 漏洞 POC 发布:  https://github.com/Proteas/ZipArchive-Dir-Traversal-PoC

[ Popular Software ]   绕过 Workflows Protection技巧 - SharePoint 的远程代码执行: https://www.nccgroup.trust/uk/our-research/technical-advisory-bypassing-workflows-protection-mechanisms-remote-code-execution-on-sharepoint/

[ Popular Software ]  Microsoft Office 中创建新文档超连接的 Bug，Blog:  https://homjxi0e.wordpress.com/2018/08/30/msft-word-bug-bypass-security/Video/PoC：  https://www.youtube.com/watch?v=nWj0y92-6Ok&;feature=youtu.be

[ Popular Software ]  在 Microsoft Word 中调用 ActiveX 控件的技巧: https://www.blackhillsinfosec.com/having-fun-with-activex-controls-in-microsoft-word/

[ Tools ]  Apple Smart Keyboard 和 Apple Pencil 的安全研究研究：  https://github.com/Antid0teCom/ipad_accessory_research

[ Tools ]  用于保护 iOS 应用程序的开源代码混淆工具 Sirius 发布: https://www.polidea.com/blog/open-source-code-obfuscation-tool-for-protecting-ios-apps/

[ Tools ]   go test -run=InQemu，通过Qemu进行测试，来自 GopherCon 2018：  https://docs.google.com/presentation/d/1rAAyOTCsB8GLbMgI0CAbn69r6EVWL8j3DPl4qc0sSlc/edit#slide=id.p

[ Tools ]  vdexExtractor - 从 Vdex 文件反编译和提取 Android Dex 字节码的工具:  https://github.com/anestisb/vdexExtractor

[ Windows ]  Windows 进程注入: 通过服务控制器向服务进程注入 Payload : https://modexp.wordpress.com/2018/08/30/windows-process-injection-control-handler/