腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/04/06

Arthur Gerkis @ax330d

[ Android ] While working on something, found this article on Android kernel security — https://github.com/ukanth/afwall/wiki/Kernel-security

"Android 内核安全机制概览， Github Repo： https://t.co/Ew9yI0h41J"
Dmitry Chestnykh @dchest

[ Android ] WhatsApp Encryption Overview: Technical white paper https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf [PDF] https://t.co/yGVMtak0Gy

"WhatsApp 加密体系概览： https://t.co/Aiu2dnDOR9 https://t.co/yGVMtak0Gy"
Nicolas Krassas @Dinosn

[ Attack ] A list of compromised databases, http://vigilante.pw/

"被拖过的数据库列表： https://t.co/wjK0CEfp0m"
Trend Micro @TrendMicro

[ Attack ] Take a trip around the #cybecriminal world with our latest research: http://bit.ly/25gA1pI https://t.co/PlcRQpZDPA

"网络犯罪与暗网（Deep Web） - TrendMicro 对多个国家的分析报告︰ https://t.co/1tn7RD7ufO https://t.co/PlcRQpZDPA"
Nicolas Krassas @Dinosn

[ Attack ] APT6 compromised the US government networks for years http://securityaffairs.co/wordpress/46013/cyber-warfare-2/apt6-state-sponsored-hackers.html

"APT6 攻击组织多年前就已经攻破美国政府网络： https://t.co/bW5hrVB7Zu "
Nicolas Krassas @Dinosn

[ Browser ] MSIE MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free https://packetstormsecurity.com/files/136544/GS20160404172619.tgz

"IE 浏览器 MSHTML！CSVGHelpers::SetAttributeStringAndPointer UAF 漏洞（CVE-2016-0111）， Project Zero Issue 691: https://bugs.chromium.org/p/project-zero/issues/detail?id=691"
Threatpost @threatpost

[ Browser ] 2,000 Firefox extensions vulnerable to reuse flaw - http://ow.ly/10iXxd

"2000 个 Firefox 扩展存在扩展重用漏洞，来自 ThreatPost 的报道： https://t.co/6mmGMxQ4Hz 关于这个扩展重用漏洞，前几天推送过： http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf "
jsoo @_jsoo_

[ Challenges ] #0ctf 2016 boomshakalaka writeup - http://ele7enxxh.com/0ctf-2016-boomshakalaka-writeup.html

"0ctf 2016 boomshakalaka writeup: https://t.co/OyTGZMBm9x"
jsoo @_jsoo_

[ Challenges ] #bctf 2016 LostFlower writeup - http://ele7enxxh.com/bctf-2016-LostFlower-writeup.html

"Bctf 2016 LostFlower Writeup： https://t.co/dzDOubQoc9"
jsoo @_jsoo_

[ Challenges ] #0ctf 2016 State of the ART writeup - http://ele7enxxh.com/0ctf-2016-State-of-the-ART-writeup.html

"0ctf 2016 State of the ART writeup: https://t.co/DzWd4I6MRr"
Nicolas Krassas @Dinosn

[ Crypto ] TLS Client Pitfalls https://lukasa.co.uk/2016/04/In_Response_To_Sucuri/

"对 Sucuri 公司的回应： https://t.co/eYsHoMuF5l 前段时间 Sucuri 发表文章称多种编程语言在校验 TLS 证书有效性时存在缺陷，可以导致用户接受无效证书。"
Binni Shah @binitamshah

[ Exploit ] Exploiting Buffer Overflows on MIPS Architectures : https://www.exploit-db.com/docs/39658.pdf (pdf)

"MIPS 架构缓冲区溢出漏洞利用， PDF︰ https://t.co/35tta1g7y2 "
Nicolas Krassas @Dinosn

[ iOS ] Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability http://seclists.org/fulldisclosure/2016/Apr/19

"Apple iOS 9.3.1 (iPhone 6S & iPhone Plus)-（3D Touch）锁屏密码绕过漏洞，来自 FullDisclosure 的公告： https://t.co/YFZA3Sb5rG"
packagecloud.io @packagecloudio

[ Linux ] More than you ever wanted to know about Linux system calls http://blog.packagecloud.io/eng/2016/04/05/the-definitive-guide-to-linux-system-calls/

"Linux 系统调用终极指南： https://t.co/5ybWuQzig8"
Tim Strazzere @timstrazz

[ Linux ] Oh yay, fixing CVE-2015-1805 lead to CVE-2016-0774 how nice! https://bugzilla.redhat.com/show_bug.cgi?id=1303961

"Linux 内核从管道读取数据时，不正确的原子读操作导致管道缓冲区状态破坏（CVE-2016-0774）。这个漏洞是修复 CVE-2015-1805 导致的： https://t.co/DS90R13pHh"
Nicolas Krassas @Dinosn

[ Malware ] Technical Dive into a Hardened Phish Kit http://blog.phishlabs.com/technical-dive-into-a-hardened-phish-kit

"钓鱼诈骗工具包 Spinner 的技术分析： https://t.co/SyvRBoJ6tW "
Matthew Mesa @mesa_matt

[ Malware ] New post on the personalized emails we've seen delivering Nymaim, Ursnif, Dridex, etc. https://www.proofpoint.com/us/threat-insight/post/phish-scales-malicious-actor-target-execs IOCs: https://www.proofpoint.com/sites/default/files/proofpoint-personalized-actor-iocs.pdf

"钓鱼邮件中使用越多的个人信息，攻击成功的可能性就越高。来自 ProofPoint Blog： https://t.co/alqMEUISNd IOCs ︰ https://t.co/dNobh5wLmp"
PHR34K @unpacker

[ Malware ] Analysis of the Locky infection process http://www.welivesecurity.com/2016/04/04/analysis-of-the-locky-infection-process/

"Locky 勒索软件的感染过程分析，来自 ESET Blog： https://t.co/NqEhLrlKbC "
Giuseppe `N3mes1s` @gN3mes1s

[ Others ] GPG signature verification on github - https://github.com/blog/2144-gpg-signature-verification

"Github 支持提交时校验 GPG 签名了： https://t.co/QyUnNuAM0q"
Mike_Mimoso @Mike_Mimoso

[ Others ] WhatsApp Adds End-to-End Encryption To One Billion Users: https://threatpost.com/whatsapp-adds-end-to-end-encryption-to-one-billion-users/117213/ via @ threatpost

"WhatsApp 开始支持端到端加密： https://t.co/4IxZsjrKta"
Iván @aszy

[ Others ] Pinpointing and Hiding Surprising Fragments in an Obfuscated Program https://www.cs.auckland.ac.nz/~cthombor/Pubs/swprot/pprew5-stealth.pdf

"这篇 Paper 提出了一种称为 'pinpoint-hide' 的对抗技术，用于提高混淆代码的隐蔽性： https://t.co/tr1twPYR2T"
Xavier Mertens @xme

[ Others ] Interesting read: “Remote #IOC scanning with #Powershell” by @ CyberForce_Be: http://www.cyberforce.be/blog/remote-ioc-scanning-powershell #DFIR

"用 Powershell 远程扫描 IOC : https://t.co/C8jf2g82x9 "
Darkoperator @Carlos_Perez

[ Pentest ] Meterpreter New Windows PowerShell Extension http://www.darkoperator.com/blog/2016/4/2/meterpreter-new-windows-powershell-extension #PowerShell #Metasploit #Meterpreter

"Meterpreter 新的 Windows PowerShell 扩展： https://t.co/vpZdm1AGxE "
Alvaro Muñoz @pwntester

[ Popular Software ] Nice java deserialization info collection https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

"Java 反序列化漏洞收集： https://t.co/dqaR3kyqXS"
Deeks @deeks

[ Popular Software ] Dameware Mini Remote Control 0day POC http://zpr.io/hwdV #InfoSec

"Dameware Mini 远控软件代码执行 PoC： https://t.co/fLYcdCeV9P "
Mike_Mimoso @Mike_Mimoso

[ Popular Software ] Adobe to release an emergency Flash Player update this week for a vuln under attack: https://threatpost.com/emergency-update-coming-for-flash-vulnerability-under-attack/117219/ via @ threatpost

"Adobe Flash 发布了一个紧急补丁，修复野外攻击中使用的 CVE-2016-1019 漏洞，来自 ThreatPost 的报道： https://t.co/W8EUQkKQq3 Adobe 公告： https://helpx.adobe.com/security/products/flash-player/apsa16-01.html "
Nicolas Krassas @Dinosn

[ SecurityProduct ] Panda Security Multiple Business Products – Privilege Escalation https://www.nettitude.co.uk/panda-security-multiple-business-products-privilege-escalation/

"Panda 安全软件 v7.30.2 版本 SYSTEM 提取漏洞（CVE-2016-3943），漏洞公告： https://t.co/te0fp0UN3Y"
Arthur Gerkis @ax330d

[ Tools ] @ halvarflake I got slides from organisers — https://www.area41.io/downloads/slides/thomas_dullien_heap_visualisation_tools.pdf

"堆可视化工具 — 方便更好的分析堆： https://t.co/h7nOvR9M5i"
pancake @trufae

[ Tools ] The Swift bindings for Frida are ready to be used! https://github.com/frida/frida-swift #ios #re

"Frida Swift bindings， Github Repo： https://t.co/i1fwoDqcBL "
Frank Denis @jedisct1

[ Web Security ] Pwncloud – bad crypto in the Owncloud encryption module https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-in-the-Owncloud-encryption-module.html

"Pwncloud - Owncloud Web 应用的加密模块存在缺陷： https://t.co/mIQYx0OanU"
Eric Lawrence @ericlaw

[ Windows ] Did you know: Using Drag/drop from your mail client may defeat Windows security? https://textplain.wordpress.com/2016/04/04/downloads-and-the-mark-of-the-web/

"Downloads and the Mark-of-the-Web： https://t.co/58LGPvdRNM"
MWR Labs @mwrlabs

[ Windows ] New publication released: "Windows Kernel Exploitation 101: Exploiting CVE-2014-411" by @ _samdb_ https://labs.mwrinfosecurity.com/publications/windows-kernel-exploitation-101-exploiting-cve-2014-411/

"Windows 内核漏洞利用之 Exploiting CVE-2014-4113（win32k），来自 MWR Labs 的 Paper： https://t.co/sPUcRDbyln"

2016/04/06