Tencent Xuanwu Lab Security Daily News
-
[ Attack ] Hunting For In-Memory .NET Attacks - detecting in-memory code injection attacks implemented with .NET: https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks
-
[ Crypto ] An in-depth analysis of a game-theoretic flaw in Bancor on the Ethereum blockchain, "Front-running Bancor in 150 lines of Python with Ethereum API": https://hackernoon.com/front-running-bancor-in-150-lines-of-python-with-ethereum-api-d5e2bfd0d798
-
[ Firmware ] Using the IOMMU (Input-Output Memory Management Unit) to defend against DMA attacks in firmware, a paper from Intel: https://firmware.intel.com/sites/default/files/Intel_WhitePaper_Using_IOMMU_for_DMA_Protection_in_UEFI.pdf
-
[ Industry News ] OnePlus OxygenOS revealed to be collecting user usage information: https://www.chrisdcmoore.co.uk/post/oneplus-analytics/
-
[ Industry News ] Porn sites have become a hub for malvertising campaigns: https://threatpost.com/porn-site-becomes-hub-for-malvertising-campaigns/128353/
-
[ Industry News ] WannaCry ransomware being sold in the Middle Eastern and North African underground: http://blog.trendmicro.com/trendlabs-security-intelligence/wannacry-ransomware-middle-eastern-north-african-underground/
-
[ Industry News ] How Israel caught the Russian hackers who were scouring for U.S. intelligence agency secrets: https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html?_r=0
-
[ macOS ] Inside the macOS log: the logd service and the files it manages: https://eclecticlight.co/2017/10/10/inside-the-macos-log-logd-and-the-files-that-it-manages/
-
[ Others ] How to use osquery to hunt for malware abusing the stolen CCleaner code-signing certificate: https://blog.trailofbits.com/2017/10/10/tracking-a-stolen-code-signing-certificate-with-osquery/
-
[ Others ] Threat hunting with Sysmon for malicious Word documents carrying macros: http://syspanda.com/index.php/2017/10/10/threat-hunting-sysmon-word-document-macro/
-
[ Others ] The Absurdly Underestimated Dangers of CSV Injection: http://georgemauer.net/2017/10/07/csv-injection.html
-
[ Popular Software ] Macro-less command execution in MS Word via the DDE (Dynamic Data Exchange) protocol, popping a calculator: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
-
[ ReverseEngineering ] Reverse engineering a Gameboy ROM with radare2: https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/
-
[ SecurityAdvisory ] Intel releases system firmware updates for NUC boards, fixing multiple high-severity vulnerabilities (CVE-2017-5700/CVE-2017-5701/CVE-2017-5721/CVE-2017-5722): https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr
-
[ SecurityProduct ] Cisco ASA series, part 4: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/october/cisco-asa-series-part-four-dlmalloc-2.8.x-libdlmalloc-and-dlmalloc-on-cisco-asa/
-
[ Tools ] JSRT - a JavaScript runtime open-sourced by researcher tinysec; JSRT can execute JS code and interact with Windows native code: https://github.com/tinysec/jsrt
-
[ Vulnerability ] Details of the rubygems.org remote code execution vulnerability (CVE-2017-0903): https://justi.cz/security/2017/10/07/rubygems-org-rce.html
-
[ Windows ] Today's Windows patches fix multiple heap overflow vulnerabilities in the Windows DNS Client (CVE-2017-11779). The bugs are in DNSAPI.dll, can be triggered by a specially crafted DNS response packet, and successful exploitation yields RCE with SYSTEM privileges. BishopFox's technical analysis of the vulnerability: https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/
-
[ Windows ] The forgotten interface: Windows named pipes: https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf
-
[ Browser ] ZDI's analysis of the Chakra JIT vulnerability (CVE-2017-0234) used by Xuanwu Lab to attack the Edge browser at Pwn2Own 2017: https://www.zerodayinitiative.com/blog/2017/10/5/check-it-out-enforcement-of-bounds-checks-in-native-jit-code
-
[ Browser ] The Edge browser's ArrayBuffer reserving 4 GB of virtual address space can be used for precise 64-bit heap spraying, allowing the needed data structures to be forged exactly. From yuange's Weibo: http://weibo.com/2246379231/FpHBgievX?ref=collection
-
[ CyberCrime ] Follow-up on the post-Soviet bank heists - a hybrid cybercrime study: https://www.trustwave.com/Resources/SpiderLabs-Blog/Post-Soviet-Bank-Heists---A-Hybrid-Cybercrime-Study/
-
[ Industry News ] In the Windows 10 Fall Creators Update, the major release due on October 17, EdgeHTML 16 will support WebVR: https://blogs.windows.com/msedgedev/2017/10/10/bringing-webvr-everyone-windows-10-fall-creators-update/#rr8ceiKaIZcu4bGT.97
-
[ MalwareAnalysis ] Detailed analysis of the ATM malware ATMii: https://securelist.com/atmii-a-small-but-effective-atm-robber/82707/
-
[ Operating System ] ChromeOS's eCryptfs-based user data protection mechanism: http://www.iceswordlab.com/2017/10/09/ChromeOs-Userdata-Protection-Mechanism-Based-On-eCryptfs/
-
[ Popular Software ] Why does WeChat hang? It turns out to be a double free in the Microsoft audio driver module MaxxAudioRenderAVX64: https://mp.weixin.qq.com/s/6J1VJVYYyFPAeC5-Mr0ZKQ
-
[ Popular Software ] Alert on in-the-wild attacks exploiting the latest Office 0-day vulnerability (CVE-2017-11826): http://blogs.360.cn/blog/office_0day_cve-2017-11826_ch/
-
[ Programming ] A comparison of Python 2.x and 3.x from a security perspective: https://snyk.io/blog/python-2-vs-3-security-differences/
-
[ SecurityAdvisory ] Microsoft releases the October security bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance http://blog.talosintelligence.com/2017/10/ms-tuesday.html
-
[ Windows ] CVE-2017-8715, the UMCI/CLM bypass fixed today, is a bypass of the patch for CVE-2017-0215: https://twitter.com/enigma0x3/status/917803030803832837 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8715