[ Browser ]   Firefox Nightly 版本本周开始支持 FIDO U2F (Universal 2nd Factor) security key： https://www.yubico.com/2017/09/firefox-nightly-enables-support-fido-u2f-security-keys/

[ Browser ]  《To Type or Not to Type: Quantifying Detectable Bugs in JavaScript》，Paper： http://ttendency.cs.ucl.ac.uk/projects/type_study/documents/type_study.pdf

[ Conference ]  Bsides 2017 会议的一篇演讲《Repeated vs. single-round games in security》： https://docs.google.com/presentation/d/1y_R6Lkby-10LIIzFMnF4wqzqPWD-eh5RemWy31y4UjE/edit#slide=id.g26af5e9965_0_7

[ Defend ]  DerbyCon 2016 会议的一篇演讲《Better Network Defense Through Threat Injection and Hunting》： https://zachgrace.com/public/presentations/DerbyCon_2016_ZG_BG.pdf

[ Malware ]  FinFisher 正在 ISP 级别发起中间人劫持攻击，用木马感染文件下载： https://t.co/vfaRpa5PFg

[ Malware ]  Blaze's Security Blog 对一个恶意广告点击网络的分析： https://bartblaze.blogspot.fr/2017/09/malicious-adclick-networks-common-or.html

[ ReverseEngineering ]  用于重命名 iOS kernelcache function stubs 的 IDA Python 脚本： https://github.com/saelo/ida_scripts/blob/master/kernelcache.py

[ Windows ]  DerbyCon 2017 会议的一篇演讲《Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research》，视频： http://www.irongeek.com/i.php?page=videos/derbycon7/k00-subverting-trust-in-windows-a-case-study-of-the-how-and-why-of-engaging-in-security-research-matt-graeber

[ Windows ]  James Forshaw 在 DerbyCon 2017 会议的演讲《the .NET Inter-Operability Operation》： https://github.com/tyranid/DotNetInteropDemos/releases/tag/DERBYCON_2017

[ Windows ]  来自 DerbyCon 会议的演讲《Beyond xp_cmdshell: Owning the Empire through SQL Server 》： https://www.slideshare.net/nullbind/beyond-xpcmdshell-owning-the-empire-through-sql-server

[ Windows ]  WinDbg 调试器 1.0.12.0 版本目前支持 Time Travel Debugging 了。支持记录下执行过程后，前后向重放： https://www.microsoft.com/en-us/store/p/windbg-preview/9pgjgd53tn86

[ Windows ]  来自 DerbyCon 会议的演讲《Here Be Dragons: The Unexplored Land of Active Directory ACLs》： https://www.slideshare.net/AndyRobbins3/here-be-dragons-the-unexplored-land-of-active-directory-acls