[ Browser ]  Chrome for Android - Window.open 和 onbeforeunload 对话框结合使用可以让 Chrome WebView 渲染引擎崩溃（CVE-2018-6068）： https://bugs.chromium.org/p/chromium/issues/detail?id=798933

[ Hardware ]  传真机相关的漏洞介绍，来自 ZeroNights 2018 ： https://github.com/x41sec/slides/tree/master/2018-zeronights

[ Hardware ]  LINUX THROWIE - 打造太阳能供电的远程硬件后门:  https://hackaday.com/2018/11/20/the-linux-throwie-a-non-spacefaring-satellite/

[ MachineLearning ]  Ergo 项目介绍，通过机器学习从卫星照片中探测飞机 ： https://www.evilsocket.net/2018/11/22/Presenting-project-Ergo-how-to-build-an-airplane-detector-for-satellite-imagery-with-Deep-Learning/

[ MalwareAnalysis ]  检测使用域名前置(Domain Fronting)技术的恶意软件：  https://www.activecountermeasures.com/detecting-domain-fronting-malware/

[ Tools ]  AndroidProjectCreator 一款对 APK 程序进行分析的工具介绍 ： https://maxkersten.nl/2018/11/21/androidprojectcreator-the-how-and-why/

[ Virtualization ]  赢得 Pwn2Own 2018 Virtualbox 的漏洞分析及利用介绍： 1) https://github.com/niklasb/sploits/tree/master/virtualbox/hgcm-oob 2) https://github.com/phoenhex/files/blob/master/slides/thinking_outside_the_virtualbox.pdf

[ Vulnerability ]  对于多个 VirtualBox、Safari 及 Firefox 漏洞利用的整理： https://github.com/niklasb/sploits

[ Vulnerability ]  Oracle Secure Global Desktop Administration Console XSS 漏洞披露(CVE-2018-19439)：  https://seclists.org/fulldisclosure/2018/Nov/58

[ Vulnerability ]  RichFaces Framework EL 代码注入漏洞(CVE-2018-14667)分析：  https://www.slideshare.net/joaomatosff/a-little-bit-about-code-injection-in-webapplication-frameworks-cve201814667-h2hc-2018

[ Vulnerability ]  iOS/macOS IOKit 介绍及如何进行漏洞挖掘 ： http://powerofcommunity.net/poc2018/tielei.pdf

[ Web Security ]  Web 安全相关攻击方式整理：  https://blog.georgovassilis.com/2016/04/16/advanced-web-security-topics/