腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/09/30

Nicolas Krassas @Dinosn

[ Android ] How to View TLS Traffic in Android’s Logs https://blog.securityevaluators.com/how-to-view-tls-traffic-in-androids-logs-6a42ca7a6e55#.bs4czxifs

"如何在 Android 日志中查看 TLS 流量： https://t.co/zYLbSc18yS"
Abdulrhman Alqabandi @Qab

[ Browser ] FireFox Print Preview Hijacking PoC: http://pastebin.com/raw/Nm45xLDR (Popups must be enabled)

" FireFox 浏览器打印预览劫持 PoC: https://t.co/WunIUXXShI "
Binni Shah @binitamshah

[ Browser ] Node.js debugging with Chrome DevTools in parallel with browser JS : https://blog.hospodarets.com/nodejs-debugging-in-chrome-devtools cc @ malyw https://t.co/6ZWH3t4NEh

" 利用 Chrome 的开发者工具（DevTools）调试 Node.js: https://t.co/9r3qnAvAvr "
Abdulrhman Alqabandi @Qab

[ Browser ] TIL HTML entities work in javascript only within SVG script tags, potential #WAF bypass: http://pastebin.com/raw/rt3sSdcH Chrome and FF

" SVG 标签嵌套的 Script 标签，有可能被用于 Bypass WAF: https://t.co/pTLAPC57ZK "
Abdulrhman Alqabandi @Qab

[ Browser ] Great writeup on Chrome XSS auditor bypass https://www.leavesongs.com/HTML/chrome-xss-auditor-bypass-collection.html

" 多个 Chrome XSS Auditor Bypass 实例： https://t.co/3mlpB8iXRY"
Nicolas Krassas @Dinosn

[ Bug Bounty ] Microsoft expands Windows Insider Preview Edge browser bug bounty program http://www.zdnet.com/article/microsoft-expands-windows-insider-preview-edge-browser-bug-bounty-program/#ftag=RSSbaffb68

"微软的 Bug Bounty 计划中增加了一些 Web 相关的漏洞，比如同源策略绕过和 Referer 欺骗： https://t.co/r39Ga71GcG"
Binni Shah @binitamshah

[ Defend ] A Minimalist's Guide to Window's Defense : https://drive.google.com/file/d/0B-K55rLoulAfMzgxQUVQYWFnb3c/view cc @ jaredcatkinson || @ mattifestation

"极简主义者的 Windows 系统防御指南︰ https://t.co/EVIfi5Yrjf "
Nicolas Krassas @Dinosn

[ IoTDevice ] How 1.5 Million Cameras Were Hijacked To Make A Botnet http://motherboard.vice.com/read/15-million-connected-cameras-ddos-botnet-brian-krebs

" 150 万摄像头是如何被劫持形成僵尸网络的： https://t.co/G4QmNdlVNf"
Nicolas Krassas @Dinosn

[ IoTDevice ] An unlikely XXE in Hikvision’s Remote Access Camera Cloud https://medium.com/@ iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.fmmjr69q5

" 海康威视的远程摄像头云中的一个 XXE 漏洞： https://t.co/q3yoKt674h "
Nicolas Krassas @Dinosn

[ Linux ] How to Crash Systemd in One Line as Any User https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet

" 一行代码 Crash Systemd： https://t.co/2gnCiWXqOD "
Nicolas Krassas @Dinosn

[ Malware ] Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware https://blogs.forcepoint.com/security-labs/highly-evasive-code-injection-awaits-user-interaction-delivering-malware

" Forcepoint 最近捕获了一个样本，该样本在用户的交互下才会触发恶意代码的执行： https://t.co/sEF5SujcJM"
A.C. @costinandrei

[ Others ] Nice paper, with lots of practical examples "Quick introduction into SAT/SMT solvers and symbolic execution" https://t.co/5Xy6aidWmq

" SAT/SMT 求解器与符号执行介绍，Paper： https://t.co/5Xy6aidWmq"
Binni Shah @binitamshah

[ Others ] Deactivating Endpoint Protection Software in an Unauthorized Manner (Revisited) : https://www.exploit-db.com/docs/40433.pdf (pdf)

" 以未授权的方式禁用终端保护软件，去年推送过一篇： https://deepsec.net/docs/Slides/2015/Deactivating_Endpoint_Protection_Software_in_an_Unauthorized_%20Manner_-_Matthias_Deeg.pdf 这次是续集︰ https://t.co/elRJ4irq2L "
Parvez Anwar @ParvezGHH

[ Others ] [Blog Post] Running Macros via ActiveX Controls http://www.greyhathacker.net/?p=948

" 在 ActiveX 控件中运行宏代码： https://t.co/KB6OMgYsJZ "
Binni Shah @binitamshah

[ Tools ] Membrane : A Posteriori Detection of Malicious Code Loading by Memory Paging Analysis : https://github.com/CrySyS/membrane/

" Membrane 是一个专门检测恶意代码加载行为的工具，该工具检测的思路不是识别代码加载本身，而是通过分析代码加载对内存分页的影响来实现的︰ https://t.co/O1Ekpc0e8p"
Nicolas Krassas @Dinosn

[ Web Security ] A curated list of resources for learning about application security https://github.com/paragonie/awesome-appsec

" 应用安全相关的学习资料，包括书、网站： https://t.co/KsBROXJvvb ;"

Xuanwu Spider via 上海交大 GoSSIP

[ Tools ] Rendezvous - 二进制代码搜索引擎： http://securitygossip.com/blog/2016/09/29/2016-09-29/
Xuanwu Spider via 知道创宇 404 安全实验室

[ OpenSourceProject ] Django CSRF Bypass (CVE-2016-7401) 漏洞分析： http://paper.seebug.org/58/
Xuanwu Spider via GitHub

[ OpenSourceProject ] emterpreter - 基于 asm.js 的一个解释器： https://github.com/kripken/emscripten/wiki/Emterpreter
Xuanwu Spider via FreeBuf

[ Malware ] 解包分析攻击越南机场和其它组织机构的间谍程序： http://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651062034&idx=1&sn=d1764786708403874e9bc57a4940edbb&chksm=bd186d998a6fe48f513ccb9a67c474f262e99d6faa2ee3196b645cd981cc378c45b087264246&scene=0#rd
Xuanwu Spider via 乌云 Drops

[ Pentest ] 渗透测试中的 Volume Shadow Copy： http://drops.wiki/index.php/2016/09/29/volume-shadow-copy/
Xuanwu Spider via 知道创宇 404 安全实验室

[ Web Security ] Drupal 8 配置文件下载漏洞分析： http://blog.knownsec.com/2016/09/drupal-8-config-download/
Xuanwu Spider via FreeBuf

[ Windows ] WIN10 下 ROP 初体验： http://www.freebuf.com/articles/system/115366.html

2016/09/30