腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/02/09

Ben Hawkes @benhawkes

[ Android ] Project Zero blog: "Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection" by @ laginimaineb - https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html

"Android 系统利用 Verified Boot Chain 来保证启动过程中内核组件加载的完整性，三星在此基础上引入了 Real-Time Kernel Protection（RKP）保护机制，用于保证内核运行时状态的完整性。这篇 Blog 介绍 Project Zero 研究员对 RKP 机制的研究，包括 RKP 是如何实现的以及如何绕过它的防护： https://t.co/v4yfXVNG9e"
Binni Shah @binitamshah

[ Android ] Android-Debug-Database : A library for debugging android databases and shared preferences - Make Debugging Great : https://github.com/amitshekhariitbhu/Android-Debug-Database

"Android Debug Database︰用于调试 android 应用数据库的工具︰ https://t.co/BQ8V5jHqBl"
Ѻṧαη∂α ☣ ☠ ☢ @OsandaMalith

[ Attack ] MySQL Injection in Update, Insert and Delete https://osandamalith.com/2017/02/08/mysql-injection-in-update-insert-and-delete/ via @ OsandaMalith

"在 MySQL 进行 Update、Insert 及 Delete 操作时的注入介绍： https://t.co/5R5vJU3SsN "
Gof @_Gof_

[ MalwareAnalysis ] Tools to extract VBA Macro [updated] http://www.decalage.info/fr/vba_tools & VBA Emulation to Analyze Obf. Macros http://decalage.info/vba_emulation by @ decalage2

"从 MS Office 提取 VBA Macro 源码的工具介绍： https://t.co/9FlP3Jjs02"
Binni Shah @binitamshah

[ MalwareAnalysis ] Detailed threat analysis of Shamoon 2.0 Malware : http://www.vinransomware.com/blog/detailed-threat-analysis-of-shamoon-2-0-malware https://t.co/ep91J8SPzm

"针对恶意软件 Shamoon 2.0 的详细分析︰ https://t.co/NvzCJfowLO https://t.co/ep91J8SPzm"
Binni Shah @binitamshah

[ MalwareAnalysis ] Inside the Necurs botnet : The origin of Locky malspam : https://www.uperesia.com/inside-the-necurs-botnet https://t.co/W9AQwccxlT

"深入分析 Necurs botnet︰ https://t.co/5sQHhjms7k "
Roee Hay @roeehay

[ Mobile ] New Bootloader Vulnerabilities in OnePlus 3/3T - CVE-2017-5626 and CVE-2017-5624 https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/

"利用 Bootloader 解锁 OnePlus 3/3T 手机（CVE-2017-5626 和 CVE-2017-5624）： https://t.co/SY1E0RLZed"
Binni Shah @binitamshah

[ Operating System ] Remote DoS against OpenBSD http server (up to 6.0) : https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html // CVE-2017-5850

"OpenBSD http server 远程拒绝服务攻击漏洞细节（CVE-2017-5850): https://t.co/Z5okVPGOmb "
Microsoft Edge Dev @MSEdgeDev

[ Others ] Huge announcement from #WindowsDevDay: Windows platform roadmap and bug tracker going public. Based on the Edge bug… https://t.co/0Nfw5qlfK2

"微软云平台上的一些项目开发进度： Https://t.co/0Nfw5qlfK2 https://www.microsoft.com/en-us/cloud-platform/roadmap-in-development "
Javier Marcos ⚡️ @javutin

[ Others ] The Uber SSH Certificate Authority is now open source! https://medium.com/uber-security-privacy/introducing-the-uber-ssh-certificate-authority-4f840839c5cc

"Uber SSH 证书颁发机制介绍： https://t.co/LuYyJaHkNm"
Borja Merino @BorjaMerino

[ Others ] PolyHook - x86/x64 Hooking Library https://www.codeproject.com/Articles/1100579/PolyHook-The-Cplusplus-x-x-Hooking-Library

"PolyHook - x86/x64 Hooking Library： https://t.co/iHqsBJVtnU"
Francisco Alonso @revskills

[ Others ] libplist + libFuzzer :-) cool @ pimskeks https://github.com/google/oss-fuzz/tree/master/projects/libplist

"利用 oss-fuzz Fuzz plist 文件格式： https://t.co/92MdWTj0pQ"
Source Incite @sourceincite

[ SecurityProduct ] We would like to thank @thezdi & @TrendMicro for working with us on securing TMCM from multiple RCE vulnerabilities: https://t.co/HxqdBP2kqD

"Trend Micro Control Manager (TMCM) 6.0 中存在多个漏洞︰ https://t.co/HxqdBP2kqD"
Adam Schwalm @ALSchwalm

[ Tools ] I made a plugin for exporting debug info from IDA. Hope someone finds it useful: https://github.com/ALSchwalm/dwarfexport

"dwarfexport -- 可以导出 dwarf 调试信息的 IDA 插件︰ https://t.co/iUuIJDjwqH"
James Forshaw @tiraniddo

[ Tools ] Updated NtObjectManager PS module (https://www.powershellgallery.com/packages/NtObjectManager/1.0.2) check release notes for additions such as Reparse Point… https://twitter.com/i/web/status/829348808559583232

"NtObjectManager - 用于管理 NT 内核对象的 PowerShell 模块： https://t.co/0SgkK5Ro8y"
Arno0x0x @Arno0x0x

[ Tools ] A dumb PoC of shellcode brute force xor decryption. Just for the record - bfDecryptShellcode.cs https://github.com/Arno0x/CSharpScripts

"CSharpScripts -- C# 安全脚本收集： https://t.co/adNjqR9REm"
Binni Shah @binitamshah

[ Tools ] wuzz : Interactive cli tool for HTTP inspection : https://github.com/asciimoo/wuzz https://t.co/1ozyeQfQTg

"wuzz -- 用于 HTTP 检测的交互式命令行工具，类似命令行版的 burpsuite： https://t.co/5VQKD3R9KE https://t.co/1ozyeQfQTg"
`Ivan @Ivanlef0u

[ Windows ] How Control Flow Integrity is implemented in Windows 10 http://lucasg.github.io/2017/02/05/Control-Flow-Guard/ Process Hacker 2 CFG support

"Windows 10 实现控制流完整性的分析： https://t.co/U0mEDxFZvE"
FireF0X @hFireF0X

[ Windows ] Nice ExpLife article about another autoelevated and undocumented COM interface IARPUninstallStringLauncher http://www.freebuf.com/articles/system/116611.html (Chinese)

"巧用COM接口IARPUninstallStringLauncher绕过UAC： https://t.co/R47vfQ9F7M "
Jerry Gamblin @JGamblin

[ WirelessSecurity ] Web Bluetooth Samples https://googlechrome.github.io/samples/web-bluetooth/

"Web 蓝牙样本集： https://t.co/wSbiUjxgUd"
Francisco Alonso @revskills

[ WirelessSecurity ] 802.11s Security and Google Wifi https://security.googleblog.com/2017/02/80211s-security-and-google-wifi.html

"802.11s Security and Google Wifi： https://t.co/6sLEpWOXRM"

Xuanwu Spider via Incapsula Blog

[ MalwareAnalysis ] Bot Traffic Report 2016： https://www.incapsula.com/blog/bot-traffic-report-2016.html
Xuanwu Spider via 小陈吐槽

[ WirelessSecurity ] 渗透测试某大型互联网公司的思路与收获： https://zhuanlan.zhihu.com/c_76081452
Xuanwu Spider via gnome

[ Browser ] 2016 年 WebKit（WebKitGTK+）在安全性方面的一些变化： https://blogs.gnome.org/mcatanzaro/2017/02/08/an-update-on-webkit-security-updates/

2017/02/09