
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Unlocking The Screen Of An LG Android Smartphone With AT Modem Commands http://www.forensicfocus.com/News/article/sid=2830/
"Unlocking the screen of an LG Android phone by sending AT modem commands: https://t.co/kHeXvdAbCF"
-
[ Attack ] Just published research on a CN APT targeting RU using LSB Stego to embed stage 2s in bitmaps:… https://t.co/42dgz8gLMM
"A report ProofPoint published the day before yesterday on a Chinese APT targeting Russia and Belarus: https://t.co/42dgz8gLMM"
-
[ Browser ] Chromium Internals - Lifetime of a navigation https://netsekure.org/2017/02/02/chromium-internals-lifetime-of-navigation/
"The lifetime of a navigation in the Chromium browser: https://t.co/f62F0w7aCc"
-
[ Detect ] Detecting In-Memory Mimikatz https://securityriskadvisors.com/blog/post/detecting-in-memory-mimikatz/
"Detecting Mimikatz in memory: https://t.co/ara4U7IRb5"
-
[ Hardware ] Printer security testing cheat sheet & results for 20 printers http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet by RUB_NDS [PRET toolkit… https://t.co/Sib1pE9Y3P
"Printer security testing cheat sheet: https://t.co/AqhDnJKB9s https://t.co/Sib1pE9Y3P"
-
[ iOS ] Hacker Dumps iOS Cracking Tools From Cellebrite Hack https://motherboard.vice.com/en_us/article/hacker-dumps-ios-cracking-tools-allegedly-stolen-from-cellebrite
"Last month the media reported that a hacker stole 900 GB of data from the Israeli mobile forensics vendor Cellebrite. The hacker now claims to have extracted iOS cracking tools from it: https://t.co/epITK0VTiy"
-
[ Linux ] Attack and Defend: Linux Privilege Escalation Techniques of 2016 https://www.sans.org/reading-room/whitepapers/testing/attack-defend-linux-privilege-escalation-techniques-2016-37562
"SANS's summary of Linux privilege escalation techniques of 2016: https://t.co/bj62iExdC6"
-
[ macOS ] Running Executables on macOS From Memory https://blog.cylance.com/running-executables-on-macos-from-memory
"Running executables from memory on macOS: https://t.co/6ZV1ZIQ9eb"
-
[ macOS ] Slides: Crafting macOS Root Kits https://www.zdziarski.com/blog/?p=6909
"Crafting macOS root kits: https://t.co/EvZZid45dt"
-
[ macOS ] From CVE-2016-7644 back to CVE-2016-4669 http://turingh.github.io/2017/01/15/CVE-2016-7644-%E4%B8%89%E8%B0%88Mach-IPC/ by @samulehuang
"From CVE-2016-7644 back to CVE-2016-4669 (Mach IPC): https://t.co/9IPqq3oNq6"
-
[ Malware ] Ransomware And The Boot Process http://blog.fortinet.com/2017/02/01/ransomware-and-the-boot-process
"The MBR-overwriting ransomware Petya and its boot process: https://t.co/wHvPIP7jDi"
-
[ Malware ] Improved scripts in .lnk files now deliver Kovter in addition to Locky https://blogs.technet.microsoft.com/mmpc/2017/02/02/improved-scripts-in-lnk-files-now-deliver-kovter-in-addition-to-locky/
"Malicious PowerShell scripts spread via .lnk files have started delivering Kovter: https://t.co/AiTXwuxRbE"
-
[ Malware ] Russian cyber espionage group Turla leverages on a new JavaScript Malware http://securityaffairs.co/wordpress/55915/apt/turla-javascript-malware.html
"Kaspersky says it recently discovered a piece of JavaScript malware used by the Russian espionage group Turla: https://t.co/5wNIPHLKdi Kaspersky's detailed technical analysis: https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/"
-
[ MalwareAnalysis ] [ Report is in Japanese ] CYBER GRID VIEW TECHNICAL REPORT VOL.3 | 2017 The Rampant RIG Exploit Kit https://www.lac.co.jp/lacwatch/pdf/20170202_cgview_vol3_f001t.pdf
"A report on the Rig Exploit Kit published by LAC in Japan (in Japanese): https://t.co/fIYMSIbBib"
-
[ Others ] Blog #Miasm: Data flow analysis: DepGraph http://www.miasm.re/blog/2017/02/03/data_flow_analysis_depgraph.html
"Data flow analysis of binary programs and the DepGraph algorithm: https://t.co/sJuzvq85k2"
-
[ Others ] Announcing GVFS (Git Virtual File System) | Microsoft Application Lifecycle Management https://blogs.msdn.microsoft.com/visualstudioalm/2017/02/03/announcing-gvfs-git-virtual-file-system/
"GVFS - Git Virtual File System. Microsoft built it mainly to address the performance problems caused by ever-growing Git repositories. From the Microsoft blog: https://t.co/s5tnDuGGof http://www.cnbeta.com/articles/581869.htm"
-
[ Pentest ] Web Shells Penetration Testing (Beginner Guide) http://www.hackingarticles.in/web-shells-penetration-testing-beginner-guide/
"Web shell penetration testing (beginner's guide): https://t.co/arMO7uSoKK"
-
[ SCADA ] Honeywell SCADA Controllers Exposed Passwords in Clear Text: https://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clear-text/123562/ via @threatpost
"Honeywell SCADA controllers exposed passwords in clear text: https://t.co/F9DGNW5uLG"
-
[ Tools ] Metasploit Can Now Be Directly Linked To Hardware For Vulnerability Testing http://www.darkreading.com/vulnerabilities---threats/metasploit-can-now-be-directly-linked-to-hardware-for-vulnerability-testing/d/d-id/1328047
"Metasploit has announced support for hardware-related vulnerability testing, such as CAN bus: https://t.co/BX3V9NYIuj"
-
[ Web Security ] Silent fix to REST API content injection vuln #WordPress: https://threatpost.com/wordpress-silently-fixed-privilege-escalation-vulnerability-in-4-72-update/123533/ via @threatpost
"Last week WordPress released version 4.7.2, which silently fixed a REST API content injection vulnerability: https://t.co/bDSagMjI4c ; a researcher wrote a simple exploit: http://www.vapidlabs.com/exploits/wordpress_exploit.sh.txt and there is a related article: https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html"
-
[ Windows ] [READ] "Writing a Debugging Tools for Windows Extension" P1: https://msdn.microsoft.com/en-us/magazine/gg650659.aspx P2: https://msdn.microsoft.com/en-us/magazine/hh148143.aspx P3: https://t.co/5R9dfG3j57
"Writing your own debugging tool on top of the Windows Debugger Engine API, Part 1: https://t.co/vpS2Xv9JBx Part 2: https://t.co/VfaCzBwAVk Part 3: https://t.co/5R9dfG3j57"
-
[ Windows ] Windows SMBv3 Denial PoC (0 Day Exploit), (Thu, Feb 2nd) https://isc.sans.edu/diary/Windows%2BSMBv3%2BDenial%2Bof%2BService%2BProof%2Bof%2BConcept%2B%280%2BDay%2BExploit%29/22029 #infosec #SMB
"PoC for a Windows SMBv3 denial-of-service vulnerability, which is still a 0-day: https://t.co/mQuLVLu76u"
-
[ Windows ] Windows DRM Files Used to Decloak Tor Browser Users https://www.bleepingcomputer.com/news/security/windows-drm-files-used-to-decloak-tor-browser-users/#.WJRsQLUEw1o.twitter
"Windows DRM files can be used to track Tor Browser users: https://t.co/Sxa6qHAc7K"