Statistical Deobfuscation of Android Applications
http://www.securitygossip.com/blog/2016/12/16/2016-12-16/

Offensiveinterview - 网络安全面试问题收集项目
https://github.com/WebBreacher/offensiveinterview

三十分钟学会SED
https://segmentfault.com/a/1190000007843652

A New Tool to Detect Known Malware from Memory Images – impfuzzy for Volatility –
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html

富文本存储型XSS的模糊测试之道
https://github.com/martinzhou2015/Paper/blob/master/%E5%AF%8C%E6%96%87%E6%9C%AC%E5%AD%98%E5%82%A8%E5%9E%8BXSS%E7%9A%84%E6%A8%A1%E7%B3%8A%E6%B5%8B%E8%AF%95%E4%B9%8B%E9%81%93.pdf

PHP垃圾回收机制UAF漏洞分析
http://www.freebuf.com/vuls/122938.html

postMessage XSS on a million sites
https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/

滥用npm库导致数据暗渡
http://bobao.360.cn/learning/detail/3309.html

Ubuntu崩溃报告工具存在远程代码执行漏洞
http://bobao.360.cn/learning/detail/3305.html