Tencent Xuanwu Lab Security Daily News
-
[ Cloud ] Using DNS to break out of isolated networks in an AWS cloud environment: https://dejandayoff.com/using-dns-to-break-out-of-isolated-networks-in-a-aws-cloud-environment/
-
[ macOS ] macOS High Sierra allows root login with an empty password: after clicking the login button several times, the root user can log in to the system with a blank password: https://twitter.com/i/web/status/935578694541770752 https://news.hitb.org/content/anyone-can-hack-macos-high-sierra-just-typing-root
-
[ Malware ] Palo Alto discovers a new trojan, UBoatRAT, active across East Asia: https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/
-
[ Malware ] New cryptocurrency-mining trojan OSX.CpuMeaner targets macOS: https://www.sentinelone.com/blog/osx-cpumeaner-miner-trojan-software-pirates/
-
[ MalwareAnalysis ] How cybercriminals abuse chat platform APIs as C&C communication infrastructure: https://documents.trendmicro.com/assets/wp/wp-how-cybercriminals-can-abuse-chat-platform-apis-as-cnc-infrastructures.pdf
-
[ MalwareAnalysis ] Cisco Talos analysis of a new version of the ROKRAT malware: http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
-
[ Others ] Hardening Whonix and the host operating system platform: https://www.whonix.org/wiki/System_Hardening_Checklist
-
[ Tools ] A list of penetration testing tools for security professionals: https://techincidents.com/complete-penetration-testing-tool/
-
[ Tools ] JAWS - a PowerShell script for gathering system information prior to privilege escalation during Windows penetration tests: https://github.com/411Hall/JAWS
-
[ Tools ] cloud-inquisitor - a tool for enforcing ownership and data security in AWS: https://github.com/RiotGames/cloud-inquisitor
-
[ Tools ] MITRE created a project called ATT&CK (covered in an earlier push) that catalogs the techniques and tactics commonly used by attackers and intruders. Prompted by that project, researchers from the Veramine team created their own project to summarize and discuss how to detect and defend against the attack techniques covered by ATT&CK: https://attack.mitre.org/wiki/Main_Page https://github.com/veramine/Detections/wiki
-
[ Web Security ] A clever bypass of the Yahoo! View CORS policy: http://www.sxcurity.pro/2017/11/27/tricky-CORS/
-
[ Windows ] Exploiting a kernel pool out-of-bounds write vulnerability using heap feng shui: https://rootkits.xyz/blog/2017/11/kernel-pool-overflow/
-
[ Browser ] Firefox 58 will block top-level navigations to data URLs: https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-58/
-
[ Industry News ] Reports say HP quietly pre-installs spyware on its PCs: https://www.engadget.com/2017/11/28/hp-quietly-installs-system-slowing-spyware-on-its-pcs/
-
[ Malware ] Ursnif variant uses the TLS callback technique to perform process injection: https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html
-
[ Malware ] Ursnif v3 targets Australian bank customers: https://securityintelligence.com/ursnif-v3-emerges-targets-australian-bank-customers-with-redirection-attacks/
-
[ MalwareAnalysis ] Two weeks ago we pushed "New trojan IcedID targets US financial institutions"; according to analysis by a researcher on the KernelMode forum, the UAC bypass method used in IcedID comes from the UACME project: http://www.kernelmode.info/forum/viewtopic.php?f=16&p=31078#p31077
-
[ MalwareAnalysis ] An AI engine helps unmask the EvilJS concealer family behind a million-scale underground operation: http://www.freebuf.com/articles/network/154966.html
-
[ Popular Software ] Symantec Encryption Desktop local privilege escalation by exploiting an arbitrary hard disk read/write vulnerability over NTFS: https://labs.nettitude.com/blog/symantec-encryption-desktop-local-privilege-escalation-exploiting-an-arbitrary-hard-disk-read-write-vulnerability-over-ntfs/
-
[ ReverseEngineering ] Reverse Engineering the iOS Backup: https://www.richinfante.com/2017/3/16/reverse-engineering-the-ios-backup
-
[ SecurityReport ] Cybereason's 5 predictions for cybersecurity in 2018: https://www.cybereason.com/blog/5-predictions-for-cybersecurity-in-2018
-
[ Tools ] Ecommerce-Website-Security-CheckList: https://github.com/IamHDT/Ecommerce-Website-Security-CheckList