资讯类

Zealot Campaign利用NSA工具在Windows和Linux服务器上传播矿工程序

http://securityaffairs.co/wordpress/66829/cyber-crime/zealot-campaign-nsa-exploits.html

星巴克Wifi利用电脑挖矿，免费网络中暗藏消费陷阱

http://www.bbc.com/news/technology-42338754

Uber被指控贿赂、监控、窃取商业机密

https://news.hitb.org/content/uber-accused-espionage-hacking-and-bribery-bombshell-letter

Face ID又出意外：也许你的同事就能解锁你的手机

https://www.hackread.com/chinese-woman-unlocks-colleague-iphonex-using-face-id/

技术类

async_awake：iOS漏洞工具后续

https://github.com/ninjaprawn/async_awake-fun

Zendesk中的XSS利用

https://medium.com/@shinkurt/exploiting-a-tricky-xss-in-zendesk-80bdeaea4dad

爆破玩家的福音——一键爆破所有服务

https://github.com/1N3/BruteX

可穿戴设备之软件攻击硬件

https://www.youtube.com/watch?v=CWXL3tX00aU

华为P8 wkupccpu debugfs内核缓存溢出

https://blogs.securiteam.com/index.php/archives/3580

通过基本多态引擎实现自制x64编码器

https://pentesterslife.blog/2017/12/18/custom-x64-encoder-with-a-basic-polymorphic-engine-implementation/

将PS脚本隐藏进PNG像素中并用一行指令去执行它

https://github.com/peewpw/Invoke-PSImage

利用位函数和操作符实现Mysql高效盲注

https://stealingthe.network/efficient-time-based-blind-sql-injection-using-mysql-bit-functions-and-operators/

加密货币乱象：混沌的IOTA

http://codesuppository.blogspot.ca/2017/12/iota-tangled-mess.html

OSDFCon 2017 快速应急响应演示文档

http://www.osdfcon.org/presentations/2017/Asif-Matadar_Rapid-Incident-Response.pdf