腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Exploiting on CVE-2016-6787,CVE-2016-6787 漏洞是位于 Android 内核 perf 子系统中的提权漏洞: https://hardenedlinux.github.io/system-security/2017/10/16/Exploiting-on-CVE-2016-6787.html
-
[ APT ] 卡巴斯基实验室对 BlackOasis APT 行动的调查分析: https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/
-
[ Industry News ] Adobe 修复了在 Black Oasis APT 行动中使用的 Flash 0day: https://threatpost.com/adobe-patches-flash-zero-day-exploited-by-black-oasis-apt/128467/
-
[ IoTDevice ] IoT 安全攻击面介绍: https://www.peerlyst.com/posts/getting-started-with-iot-security-mapping-the-attack-surface-aditya-gupta
-
[ Linux ] Linux 内核 fsnotify 实现过程中的条件竞争本地提权漏洞 Exploit(CVE-2017-7533): https://github.com/hardenedlinux/offensive_poc/tree/master/CVE-2017-7533
-
[ Others ] Cisco ASA 系列文章 5:libptmalloc 的 GDB 调试插件。来自 NCC Group: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/october/cisco-asa-blog-series-part-five-libptmalloc-gdb-plugin/
-
[ SecurityAdvisory ] Adobe Flash Player 远程代码执行漏洞补丁发布( CVE-2017-10952 ) : https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
-
-
[ Tools ] WHID - WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids: https://github.com/whid-injector/WHID
-
[ Tools ] DbgShell - A PowerShell front-end for the Windows debugger engine: https://github.com/Microsoft/DbgShell/
-
[ Tools ] Passionfruit - 长亭科技开源的一款 iOS APP 黑客分析工具: https://github.com/chaitin/passionfruit
-
[ Vulnerability ] Adobe ColdFusion RMI Registry.bind() 反序列化远程代码执行漏洞披露: https://www.nccgroup.trust/uk/our-research/technical-advisory-adobe-coldfusion-rmi-registry.bind-deserialisation-rce/?research=Technical+advisories
-
[ Vulnerability ] LLVM 编译器中的空指针解引用漏洞(llvm::ScalarEvolution::getMulExpr): https://bugs.llvm.org/show_bug.cgi?id=34968
-
[ Windows ] Windows 内核 nt!RtlpCopyLegacyContextX86 Kernel Pool 信息泄露漏洞(CVE-2017-11784): https://bugs.chromium.org/p/project-zero/issues/detail?id=1311
-
[ Windows ] 基于 Windows 事件日志定位和解码恶意 PowerShell 脚本: http://az4n6.blogspot.com/2017/10/finding-and-decoding-malicious.html
-
[ WirelessSecurity ] Wi-Fi WPA2 协议被曝安全漏洞。Clients 加入 WPA2 网络的 Four-way 握手过程中攻击者可以发起 Key Reinstallation 攻击,成功之后可以实现数据包被解密、数据包重放、TCP 链路劫持等: https://threatpost.com/krack-attack-devastates-wi-fi-security/128461/ https://www.krackattacks.com/ https://papers.mathyvanhoef.com/ccs2017.pdf
-
[ Android ] Android APP SSL 相关漏洞的研究报告《Danger is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps》: https://arxiv.org/ftp/arxiv/papers/1505/1505.00589.pdf
-
-
[ Browser ] Browser UI Security 技术白皮书,来自 腾讯玄武实验室 xisigr: http://xlab.tencent.com/cn/2017/10/16/browser-ui-security-whitepaper/
-
[ Industry News ] 网络安全监控工具 Bro 昨天修复了其 ContentLine 组件的一个越界写漏洞: http://blog.bro.org/2017/10/bro-252-242-release-security-update.html
-
[ Industry News ] Chrome 官方最近从三个方面着手解决 Windows 版 Chrome 用户被 Unwanted Software 影响用户体验的问题: https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
-
-
[ Others ] 威胁情报在安全运维中的应用,来自 360:https://www.slideshare.net/JeremyLi10/application-of-threat-intelligence-in-security-operation
-
-
-
[ SecurityProduct ] Ikraus 反病毒软件远程代码执行漏洞披露,含POC: https://blogs.securiteam.com/index.php/archives/3485
-
[ Tools ] macSubstrate - Substrate for macOS,macOS 系统中跨进程注入代码的工具,类似于 iOS 中的 Cydia Substrate: https://github.com/wzqcongcong/macSubstrate
-
[ Vulnerability ] ROCA: Vulnerable RSA generation (CVE-2017-15361),Infineon Technologies AG 公司产的智能卡、Token和硬件芯片的密钥生成过程存在漏洞,存在因数分解(factorization)攻击: https://crocs.fi.muni.cz/public/papers/rsa_ccs17
-
-
[ WirelessSecurity ] 思科官网公开了 WiFi WPA KRACK 攻击相关的多个漏洞的介绍: https://blogs.cisco.com/security/wpa-vulns