热点概要：AutoTriageBot：针对hackerone的自动化验证漏洞报告开源项目、一个用于智能设备安全测试的BLE（Bluetooth Low Energy）扫描器、BaRMIe：枚举并且工具Java RMI (Remote Method Invocation)的开源工具、PHP7的安全模块、如何hook LuaJIT、当你像一个攻击者一样去思考时你将会成为一个优秀的Threat Hunter

国内热词（以下内容部分来自：http://www.solidot.org/ ）

WhatsApp 被屏蔽

互联网上的黑暗角落

中国黑客攻击引起德国警觉

利用电源管理入侵 ARM TrustZone

资讯类：

谷歌测试5款主流浏览器  Safari最不安全

https://www.bleepingcomputer.com/news/security/google-experiment-tests-top-5-browsers-finds-safari-riddled-with-security-bugs/ 

技术类：

AutoTriageBot：针对hackerone的自动化验证漏洞报告开源项目

https://engineering.salesforce.com/open-sourcing-autotriagebot-deced9933cd7 

一个用于智能设备安全测试的BLE（Bluetooth Low Energy）扫描器

https://github.com/evilsocket/bleah 

BaRMIe：枚举并且攻击Java RMI (Remote Method Invocation)的开源工具

https://github.com/NickstaDB/BaRMIe 

PHP7的安全模块：Killing bugclasses and virtual-patching the rest!

https://snuffleupagus.readthedocs.io/ 

Great Hacking related Humble book Bundle 

https://www.humblebundle.com/books/hacking-reloaded-books 

Solidity anti-patterns: Fun with inheritance DAG abuse

https://pdaian.com/blog/solidity-anti-patterns-fun-with-inheritance-dag-abuse/ 

ROP介绍

https://medium.com/@iseethieves/intro-to-rop-rop-emporium-split-9b2ec6d4db08 

Broadcom：处理802.11v WNM睡眠模式响应时存在堆溢出漏洞

https://bugs.chromium.org/p/project-zero/issues/detail?id=1288 

[会议视频]Don't Google 'PowerShell Hunting'

https://www.youtube.com/watch?v=1mfVPLPxKTc 

redsails：基于Python的后渗透测试工具，可以绕过安全监控和日志记录

https://github.com/BeetleChunks/redsails 

如何hook LuaJIT

https://nickcano.com/hooking-luajit/ 

当你像一个攻击者一样去思考时你将会成为一个优秀的Threat Hunter

https://securingtomorrow.mcafee.com/business/how-thinking-like-an-attacker-makes-a-better-threat-hunter 

OSCP认证

https://securit.ie/blog/?p=70