[ Browser ]   The Return of the JIT (Part 2) - 在 Firefox ASM.JS 的常量中藏 x86 代码： https://rh0dev.github.io/blog/2017/the-return-of-the-jit-part-2/

[ MalwareAnalysis ]   Samba 的 SambaCry 出现了野外攻击新样本，不同于之前样本，新样本主要攻击 IoT 设备： http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/

[ Mobile ]   MWR Labs 公开了 Huawei Y6 Pro 手机的 MediaTek frame buffer 驱动的三个漏洞： https://labs.mwrinfosecurity.com/advisories/huawei-frame-buffer-driver-information-leak/  https://labs.mwrinfosecurity.com/advisories/huawei-frame-buffer-driver-arbitrary-memory-write/  https://labs.mwrinfosecurity.com/advisories/huawei-frame-buffer-driver-arbitrary-memory-write-2/ 

[ Others ]   Bitdefender 在处理 7z PPMD 压缩格式时存在栈缓冲区溢出漏洞： https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/

[ Others ]  十种进程注入技术：一份对通用进程注入技术的调查： https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process

[ Popular Software ]  How the Twitter App Bypasses Paywalls： https://elaineou.com/2017/01/19/how-the-twitter-app-bypasses-paywalls/

[ SCADA ]   SCADA - 一直被忽视的威胁： https://www.yumpu.com/en/document/view/58975332/scada-threats-people-overlook

[ Tools ]   GreatSCT - 用于生成绕过应用白名单的工具： https://github.com/GreatSCT/GreatSCT

[ Tools ]  pyrebox - Python 写的基于 QEMU 实现的逆向动态分析沙盒框架： https://github.com/Cisco-Talos/pyrebox

[ Tools ]  sniff-probes - bash 脚本，用于嗅探 802.11 探测请求，获取对方历史连接过的 WIFI 网络名称： https://github.com/brannondorsey/sniff-probes

[ Vulnerability ]  Spring Web Flow Framework 远程代码执行漏洞详情及分析（CVE-2017-4971）： https://blog.gdssecurity.com/labs/2017/7/17/cve-2017-4971-remote-code-execution-vulnerability-in-the-spr.html

[ Vulnerability ]   Oracle 发布季度更新，一次修复 308 个漏洞，其中 165 个远程可利用，涵盖 90 款产品： https://threatpost.com/oracle-releases-biggest-update-ever-308-vulnerabilities-patched/126910/

[ Windows ]  CVE-2017-8543 Windows Search漏洞分析及POC关键部分，来自 ADLab： http://mp.weixin.qq.com/s/X2JcKCpCH4exDoxMK5oN5Q