Tencent Xuanwu Lab Security Daily News
-
[ Browser ] PacSec 2017 and Mobile Pwn2Own will be held over these two days in Tokyo, Japan. Last Friday ZDI published a blog post detailing how Chaitin Tech exploited SQLite vulnerabilities to attack Safari in this year's Pwn2Own 2017 contest (ZDI-15-570, ZDI-17-360, ZDI-17-366, ZDI-17-367, ZDI-17-368, and ZDI-17-369). Chaitin Tech researchers also presented this exploitation process at this year's BlackHat: https://www.zerodayinitiative.com/blog/2017/10/27/on-the-trail-to-mobile-pwn2own https://www.blackhat.com/docs/us-17/wednesday/us-17-Feng-Many-Birds-One-Stone-Exploiting-A-Single-SQLite-Vulnerability-Across-Multiple-Software.pdf
-
[ Detect ] Deception-as-Detection - deception-based detection techniques: https://github.com/0x4D31/deception-as-detection
-
[ Industry News ] A vulnerability in the SAML user authentication of Slack, the enterprise chat tool, allows expired users to regain access: https://threatpost.com/slack-plugs-severe-saml-user-authentication-hole/128655/
-
[ Linux ] Local privilege escalation on Linux using Voltage Fault Injection (Paper): https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf
-
[ MalwareAnalysis ] By analyzing a phishing campaign, Palo Alto Networks located the attacker's malware repository and went on to analyze its contents: https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/
-
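[ Others ] Hack ATM with an anti-hacking feature: an analysis of the access control component in ATM devices. The report focuses on the security protections of Kaspersky Embedded Systems Security (KESS) and the techniques for bypassing them. From Embedi: https://embedi.com/files/white-papers/Hack-ATM-with-an-anti-hacking-feature-and-walk-away-with-1M-in-2-minutes.pdf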
-
[ Others ] Formal validation of the Arm v8-M: https://alastairreid.github.io/papers/oopsla2017-whoguardstheguards-slides.pdf
-
[ Tools ] Stage-RemoteDll - a PowerShell implementation of the NtCreateThreadEx / QueueUserAPC / SetThreadContext / SetWindowsHookEx DLL injection techniques: https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Stage-RemoteDll.ps1
-
[ Tools ] open-redirect-scanner - a scanning script for open redirect (arbitrary URL redirection) vulnerabilities: https://github.com/ak1t4/open-redirect-scanner
-
[ Vulnerability ] Hyper-V debugging for beginners, and a patch analysis of the Hyper-V vulnerability MS13-092: http://hvinternals.blogspot.com/2017/10/hyper-v-debugging-for-beginners-part-2.html
-
[ Windows ] Reverse engineering how many bytes a Bitmap object occupies in the Windows kernel pool: https://theevilbit.blogspot.hu/2017/10/abusing-gdi-objects-bitmap-objects-size.html
-
[ WirelessSecurity ] Attacking Bluetooth smart lock devices using a mobile phone: https://smartlockpicking.com/tutorial/how-to-pick-a-ble-smart-lock-and-cause-cancer/