[ Android ]  Android: Inter-process munmap due to race condition in ashmem(CVE-2017-13216)： https://bugs.chromium.org/p/project-zero/issues/detail?id=1388

[ Browser ]  Microsoft Edge: Chakra: JIT: BackwardPass::RemoveEmptyLoopAfterMemOp doesn't insert branches.（CVE-2017-11909）： https://bugs.chromium.org/p/project-zero/issues/detail?id=1384

[ Browser ]  Microsoft Edge: Chakra: JIT: Op_MaxInAnArray and Op_MinInAnArray can explicitly call user defined JavaScript functions： https://bugs.chromium.org/p/project-zero/issues/detail?id=1379

[ Browser ]  Microsoft Edge: Chakra: JIT: Escape analysis bug（CVE-2017-11918）： https://bugs.chromium.org/p/project-zero/issues/detail?id=1396

[ Browser ]  Microsoft Edge: Chakra: OOB read in asm.js： https://bugs.chromium.org/p/project-zero/issues/detail?id=1385

[ Crypto ]  SSL 证书吊销以及过程中可能遇到的问题： https://medium.com/@alexeysamoshkin/how-ssl-certificate-revocation-is-broken-in-practice-af3b63b9cb3

[ Debug ]  从 VSCode 中调试 TypeScript： https://medium.com/spektrakel-blog/debugging-typescript-from-vscode-3cb3a182bf63

[ Detect ]  利用 ELK 自动化检测 Mimikatz: https://jordanpotti.com/2018/01/03/automating-the-detection-of-mimikatz-with-elk/

[ Hardware ]  Xbox 360 CPU 的一个设计问题，某个新加的指令可能带来风险： https://randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/

[ Hardware ]  AMD-PSP：通过特殊制作的 EK 证书触发 fTPM 远程代码执行漏洞: http://seclists.org/fulldisclosure/2018/Jan/12    http://securityaffairs.co/wordpress/67448/hacking/67448.html

[ Hardware ]  利用 0Day 漏洞破解 45 年前的 Xerox Alto 电脑的硬盘密码保护： http://www.righto.com/2018/01/xerox-alto-zero-day-cracking-disk.html

[ iOS ]  iOS 发布 11.2.2，推送针对 Spectre 漏洞的的补丁： https://support.apple.com/en-ca/HT208401

[ iOS ]  iOS Imaging on the Cheap! - Part Deux! (for iOS 10 & 11)，iOS 10.3.3 和 iOS 11 的越狱： https://www.mac4n6.com/blog/2018/1/7/ios-imaging-on-the-cheap-part-deux-for-ios-10-11

[ IoTDevice ]  西部数据 NAS 设备被发现固件后门账户，且该后门账户与 D-Link 路由器后门一致，这个后门可以追溯到 2014 年：  https://www.techspot.com/news/72612-western-digital-cloud-drives-have-built-backdoor.html  https://t.co/6pN2JO1NVH

[ MachineLearning ]  Google 用于支持手机和嵌入式平台的深度学习框架 TensorFlow Lite 版预览版发布： https://github.com/tensorflow/tensorflow/tree/r1.5/tensorflow/contrib/lite  FaceBook 也有一个类似的轻量级框架 Caffe2Go： https://code.facebook.com/posts/196146247499076/delivering-real-time-ai-in-the-palm-of-your-hand/

[ macOS ]  macOS High Sierra 发布 10.13.2 版本，推送 Spectre 幽灵 CPU 漏洞的补丁： https://support.apple.com/en-us/HT208397

[ Others ]  Improving the BMC RSCD RCE Exploit： https://nickbloor.co.uk/2018/01/08/improving-the-bmc-rscd-rce-exploit/

[ Pentest ]  CTF 比赛中常用的渗透测试技巧： http://bitvijays.github.io/LFC-VulnerableMachines.html

[ Processor ]  腾讯安全玄武实验室发布 “幽灵” CPU 漏洞在线检测工具，此工具可检测您的浏览器是否易于遭受“幽灵”漏洞的攻击： http://xlab.tencent.com/special/spectre/spectre_check.html

[ Processor ]  利用硬件性能计数器检测 Spectre 和 Meltdown 漏洞，来自 Endgame: https://www.endgame.com/blog/technical-blog/detecting-spectre-and-meltdown-using-hardware-performance-counters

[ SecurityProduct ]  赤手空拳缴械杀毒软件，SilentSignal 团队发现利用 COM 劫持等技术可以直接禁用/攻击多款杀毒软件： https://blog.silentsignal.eu/2018/01/08/bare-knuckled-antivirus-breaking/  Paper： https://blog.silentsignal.eu/wp-content/uploads/2018/01/S2_BareKnuckledAVBreaking_180108.pdf

[ Tools ]  Improving Link Time on Windows with clang-cl and lld： http://blog.llvm.org/2018/01/improving-link-time-on-windows-with.html

[ Web Security ]  攻击者利用 Google Apps Script 的漏洞通过 SaaS 平台传播恶意软件： https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/security-flaw-in-google-apps-script-can-let-hackers-deliver-malware-via-saas-platform?utm_source=trendlabs-smk&utm_medium=smk&utm_campaign=01-18-google-apps-security-flaw

[ Web Security ]  Wapiti Web 应用漏洞扫描器： https://www.kitploit.com/2018/01/wapiti-300-web-application.html?utm_source=dlvr.it&utm_medium=twitter