腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] #Unit42 finds new Poison Ivy RAT dubbed #SPIVY targeting Hong Kong pro-Democracy activists http://bit.ly/1NngT3t
" Poison Ivy 远控工具的新变种攻击香港民主人士, 来自 Palo Alto Blog: https://t.co/a6mqXGxsTP"
-
[ Attack ] Nuclear Exploit Kit Service Cashes In With Ransomware https://packetstormsecurity.com/news/view/26563/Nuclear-Exploit-Kit-Service-Cashes-In-With-Ransomware.html
"Nuclear Exploit Kit 服务通过勒索软件套现, 来自 ArsTechnica 的报道: https://t.co/k2kriLFWTG"
-
[ Browser ] Here's how the new #Opera "#VPN" works behind the curtains, including captured API calls when the "VPN" is set up: https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10
"Opera 开发版将集成 VPN 服务: http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/ Github 上有人分析该功能是如何实现的 ︰ https://t.co/z1jE3tdcl2"
-
[ Hardware ] Hardware Reverse Engineering : Access, Analyze, & Defeat : https://media.blackhat.com/bh-dc-11/Grand/BlackHat_DC_2011_Grand-Workshop.pdf (pdf) #b2b
"硬件逆向分析, 来自 BlackHat 2011 会议的一篇演讲︰ https://t.co/DvRUkJoH1V "
-
[ Linux ] Update on the [Linux] Kernel Self Protection Project by @ kees_cook : https://outflux.net/slides/2016/cs/kspp.pdf -- "Killing bug classes is better"
"Linux 内核自我保护项目, Slides︰ https://t.co/5JxbVBPXjm WiKi: http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project "
-
[ Malware ] A case study of a recent ransomware attack : https://community.rsa.com/community/products/security-analytics/blog/2016/04/18/held-for-ransom-a-case-study-of-a-recent-ransomware-attack
"RSA blog 对最近的 SamSam 勒索软件样本的分析: ︰ https://t.co/sGPlXbdTtA"
-
[ Malware ] New downloader for #Locky malware http://bddy.me/1XMDDdP #ransomware https://t.co/o8K9pwhSMX
"Locky 勒索软件的新下载器: https://t.co/4Chn6ISVx5 https://t.co/o8K9pwhSMX"
-
[ Malware ] Added Nivdort to monitoring system https://intel.malwaretech.com/botnet/nivdort_dga
"MalwareTech 的监控系统加入对 Nivdort Bot 的监控: https://t.co/KRRDEGvoj0"
-
[ Malware ] PowerShell Used For Spreading Trojan.Laziok Through Google Docs https://www.fireeye.com/blog/threat-research/2016/04/powershell_used_for.html #DFIR #infosec
"攻击者通过 Google Docs 传播 Trojan.Laziok 木马,过程中使用 PowerShell 从 Google Docs 下载木马、绕过反病毒软件: https://t.co/iTlFirBNeC "
-
[ Obfuscation ] Symbolic Execution of Obfuscated Code https://www.cs.arizona.edu/people/debray/Publications/ccs2015-symbolic.pdf
"混淆后代码的符号执行: https://t.co/KaUKy1aVGo"
-
[ Others ] PS4 WebKit exp looks awesome, https://github.com/Fire30/PS4-2014-1303-POC/blob/master/pcsploit.html, reminding of my talk on Blackhat EU 2014: https://www.blackhat.com/eu-14/briefings.html#webkit-everywhere-secure-or-not
"Sony PS4 WebKit Exploit PoC(CVE-2014-1303): https://t.co/adP9rC2YF5 Chenliang 在 Blackhat EU 2014 会议的演讲《webkit everywhere secure or not》 : https://t.co/yOMuILCtBl"
-
[ Others ] Just Published: 1 Million People use Facebook over Tor https://www.facebook.com/notes/facebook-over-tor/1-million-people-use-facebook-over-tor/865624066877648
"100 万人在通过 Tor 访问 Facebook: https://t.co/VhDEAaT9dj"
-
[ Others ] Hacking Nagios: The Importance of System Hardening https://blog.anitian.com/hacking-nagios/ (3rd party plugin actually not nagios)
" Hacking Nagios - 系统加固的重要性: https://t.co/SnyixPRYeG Nagios 是一款网络监控工具"
-
[ Others ] The little black book of Computer viruses : http://www.cin.ufpe.br/~mwsa/arquivos/THE_LITTLE_BLACK__BOOK_OF_C.PDF (pdf) #b2b
"计算机病毒小黑书(书籍) ︰ https://t.co/Qt5Vi5LBRq "
-
[ Pentest ] Offensive Active Directory (With PowerShell!) : http://www.slideshare.net/harmj0y/psconfeu-offensive-active-directory-with-powershell (Slides) cc: @ harmj0y
"基于 PowerShell 的 Active Directory 攻击,来自 PSConfEU 会议: https://t.co/7DijaDr6A6 还有一篇: http://www.slideshare.net/harmj0y/psconfeu-building-an-empire-with-powershell "
-
[ Pentest ] GitHub - leonjza/qrxfer: Transfer files from Air gapped machines using QR codes https://github.com/leonjza/qrxfer
"qrxfer︰ 从物理隔绝的机器上通过二维码传输文件的工具: https://t.co/GKNyrJqh2C"
-
[ Tools ] (State of) The Art of War : Offensive Techniques in Binary Analysis : https://www.cs.ucsb.edu/~vigna/publications/2016_SP_angrSoK.pdf (pdf)
"下一代二进制分析框架 Angr, Paper︰ https://t.co/1M5946W20S 官网: http://angr.io/ Github Repo: https://github.com/angr/angr "
-
[ Tools ] OSBoxes – Virtual Machines for VirtualBox and VMware : http://www.osboxes.org/
"OSBoxes — 该网站提供了很多的操作系统虚拟机镜像,下载就能用,不再需要自己安装系统了。网站提供 VirtualBox 和 VMware 两种虚拟机格式,支持多种操作系统 ︰ https://t.co/TY9QFix7CC"
-
[ Tools ] Slides: "Malware Analysis with Vivisect" http://nest.unm.edu/files/5514/1254/9114/Malware_Analysis_with_Vivsect.pdf
"基于 Vivisect 框架的恶意软件分析: https://t.co/K8PEgP7Hlb Vivisect 是个 Python 编写的、跨平台的分析框架"
-
[ Windows ] More improvements in Narrator on Windows 10... @ Microsoft seriously giving it some! https://blogs.msdn.microsoft.com/accessibility/2016/04/11/improvements-to-narrator-in-windows-10/?platform=hootsuite
" Windows 10 Narrator(讲述者)功能增强: https://t.co/aqMI20hTzL"
-
[ Windows ] Cool Write up on the regsvr32 bypass thing. http://drops.wooyun.org/tips/15124
"用 SCT 绕过应用白名单保护, 来自 Wooyun Drops 的文章: https://t.co/KiZYg5AN6x"
-
[ Windows ] @ byt3bl33d3r @ subTee link to the module https://github.com/byt3bl33d3r/CrackMapExec/blob/master/modules/code_execution/bypass/com_exec.py
"通过一段 COM 脚本绕过应用白名单保护, Github Repo: https://t.co/9DMLxkq4rN"
-
[ Windows ] Hyper-V Architecture - https://msdn.microsoft.com/en-us/library/cc768520%28v=bts.10%29.aspx
"Windows Server 2008 Hyper-V 虚拟化技术架构: https://t.co/VbRpH179dG 还有一篇文章可参考: http://hvinternals.blogspot.com/2015/10/hyper-v-internals.html "
