[ Attack ]  嗅探手机与基站通信数据的中间人攻击教程： https://insinuator.net/2018/02/hacking-101-to-mobile-data/

[ Browser ]    Meltdown/Spectre CPU 漏洞爆出之后，Chrome 浏览器从站点隔离（Site Isolation）、Cross-site document blocking 等方面缓解漏洞对浏览器的影响： https://developers.google.com/web/updates/2018/02/meltdown-spectre

[ Browser ]  Safari 技术预览版 49 发布：   https://webkit.org/blog/8088/release-notes-for-safari-technology-preview-49/

[ Browser ]    iOS Safari HTMLFormElement::associatedElements 迭代过程中出过的 3 个 UAF 漏洞（CVE-2017-2460/CVE-2017-13791/）： http://www.uaf.li/2018/02/three-uaf-when-iterating-through.html

[ Bug Bounty ]  Google 对 2017 年漏洞奖励计划做了回顾： https://security.googleblog.com/2018/02/vulnerability-reward-program-2017-year.html

[ Fuzzing ]  Internals of AFL fuzzer - QEMU Instrumentation： https://tunnelshade.in/blog/2018/02/afl-internals-qemu-instrumentation/

[ Industry News ]  TrendLabs 发布通过基于语境信息和信誉度评分的新型威胁检测系统： https://blog.trendmicro.com/trendlabs-security-intelligence/xgen-detection-new-threats/

[ IoTDevice ]  攻击  Sonoff Wifi 智能开关： Part 1 :  http://blog.kilomon.com/2018/01/hacking-sonoff-wifi-switch.html , Part 2 :  http://blog.kilomon.com/2018/02/hacking-sonoff-wifi-switch-part-2.html , Part 3 ：  http://blog.kilomon.com/2018/02/hacking-sonoff-wifi-switch-part-3-alexa.html

[ Linux ]   Kali Linux 2018.1 发布： https://www.kali.org/downloads/

[ MalwareAnalysis ]   Paloalto 对推送 Hancitor 恶意软件的垃圾邮件活动的分析： https://researchcenter.paloaltonetworks.com/2018/02/unit42-compromised-servers-fraud-accounts-recent-hancitor-attacks/

[ MalwareAnalysis ]   基于 HTTP 的 Andromeda Botnet 近几年的发展情况： https://www.virusbulletin.com/uploads/pdf/magazine/2018/201802-review-evolution-andromeda.pdf

[ MalwareAnalysis ]   Paloalto 对 LuminosityLink 木马的现况调查： https://researchcenter.paloaltonetworks.com/2018/02/unit42-rat-trapped-luminositylink-falls-foul-vermin-eradication-efforts/

[ MalwareAnalysis ]   Cisco Talos 团队对攻击中东地区的黑客常用攻击手法介绍： http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html

[ Others ]  深入理解正则表达式原理，Part 1： https://rcoh.me/posts/no-magic-regular-expressions/  Part 2： https://rcoh.svbtle.com/regular-expressions-part-2  Part 3： https://rcoh.svbtle.com/no-magic-regular-expressions-part-3

[ Others ]  IP Over QR Code (Part 1 - 3)： http://seiferteric.com/?p=356

[ Others ]  Executable and Linkable Format 101. Part 2: Symbols： http://www.intezer.com/executable-linkable-format-101-part-2-symbols/

[ Popular Software ]   InfoZip UnZip 受多个缓冲区溢出漏洞影响，可导致任意代码执行和拒绝服务： https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html

[ Popular Software ]   PureVPN for MacOS 权限提升漏洞披露（CVE-2018-6822）： https://github.com/VerSprite/research/blob/master/advisories/VS-2018-002.md

[ Programming ]  使用 Java 创建区块链教程，Part 1： https://medium.com/programmers-blockchain/create-simple-blockchain-java-tutorial-from-scratch-6eeed3cb03fa  Part 2： https://medium.com/programmers-blockchain/creating-your-first-blockchain-with-java-part-2-transactions-2cdac335e0ce

[ Protocol ]   Messaging Layer Security (MLS) 协议架构草案： https://tools.ietf.org/html/draft-omara-mls-architecture-00

[ Tools ]   FireEye 发布 ReelPhish 实时双因素钓鱼工具，介绍： https://www.fireeye.com/blog/threat-research/2018/02/reelphish-real-time-two-factor-phishing-tool.html ; GitHub： https://github.com/fireeye/ReelPhish

[ Tools ]  微软更新了驱动安全性检查清单： https://docs.microsoft.com/en-us/windows-hardware/drivers/driversecurity/driver-security-checklist

[ Tools ]   Grouper - 用于寻找活动目录组策略漏洞的 PowerShell 脚本： https://github.com/l0ss/Grouper

[ Tools ]   java-deserialization-exploits - Java 反序列化漏洞利用收集： https://github.com/Coalfire-Research/java-deserialization-exploits

[ Tools ]   Empire 渗透测试框架的高级使用： https://www.slideshare.net/JeremyJohnson166/advanced-weapons-training-for-the-empire

[ Web Security ]   通过 Facebook 的第三方合作伙伴门户网站可以泄露任意 Facebook 的用户邮箱： https://www.josipfranjkovic.com/blog/facebook-partners-portal-account-takeover