Tencent Xuanwu Lab Security Daily News
-
[ APT ] Detailed analysis report on the MuddyWater APT targeting the Middle East: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
-
[ Linux ] Kali Linux 2017.3 released: https://www.kali.org/releases/kali-linux-2017-3-release/
-
[ MalwareAnalysis ] "Using Existing Malware to Save You Time": to reduce the heavy reverse-engineering effort that the decryption and decompression routines in malicious code demand, this Palo Alto blog post proposes extracting the malware's own decryption logic and compiling it as a standalone program, which saves time and makes batch decryption practical: https://researchcenter.paloaltonetworks.com/2017/11/unit42-using-existing-malware-save-time/
-
[ Others ] Ring3/Ring0 rootkit hook detection techniques, part 1 of 2: http://www.pentestingexperts.com/ring3-ring0-rootkit-hook-detection-1-2/
-
[ Others ] Identifying Empire framework HTTP listeners: https://www.tenable.com/blog/identifying-empire-http-listeners
-
[ Others ] Project Zero last night publicly disclosed multiple WebKit vulnerabilities (CVE-2017-13791/CVE-2017-13798/CVE-2017-13794/CVE-2017-13802/CVE-2017-13783/CVE-2017-13784/CVE-2017-13785/CVE-2017-13795/CVE-2017-13797/CVE-2017-13792/CVE-2017-13796): https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=modified%3Etoday-1+&sort=-modified&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary+Modified&cells=ids
-
[ Others ] Multiple vulnerabilities disclosed in the Cambium Networks update tool and web server: https://blogs.securiteam.com/index.php/archives/3526
-
[ Popular Software ] 0patch's analysis of the Office Word type-confusion 0day found in the wild in September (CVE-2017-11826), together with the manual patch it provides: https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html
-
[ Tools ] Awesome Python - a curated collection of high-quality Python resources: https://awesome-python.com/
-
[ Tools ] SG1 - a tool for data encryption, extraction and transformation: https://github.com/evilsocket/sg1
-
[ Tools ] AVSignSeek - a tool for locating the offset of antivirus detection signatures inside a malware payload binary: https://github.com/hegusung/AVSignSeek
-
[ Tools ] Malware-Analysis - a list of malware analysis tools and resources: https://github.com/wtsxDev/Malware-Analysis
-
[ Vulnerability ] Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability: http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-cve-2017-5689-intel-management-engine-vulnerability/
-
[ Web Security ] Testing how mainstream web servers (IIS, Apache, Nginx) handle file-type blacklists and whitelists when processing file uploads: https://mike-n1.github.io/ExtensionsOverview
-
[ Windows ] A collection of UAC bypass methods based on the HKCU SYSTEMROOT registry key: https://twitter.com/i/web/status/933218037020295170 https://bytecode77.com/hacking/exploits
-
[ Industry News ] Canadian business banking customers hit with targeted phishing emails: https://securityintelligence.com/canadian-business-banking-customers-hit-with-targeted-phishing-account-takeover-attacks/
-
[ Vulnerability ] Advisory on the JBoss AS 5.x/6.x deserialization command execution vulnerability (CVE-2017-12149): http://mp.weixin.qq.com/s/zUJMt9hdGoz1TEOKy2Cgdg
-
[ Vulnerability ] From Markdown to RCE in Atom: https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/
-