Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Browser XSS Filter Bypass Cheat Sheet: https://github.com/masatokinugawa/filterbypass
-
[ Browser ] Safari Technology Preview 45 released: https://webkit.org/blog/8039/release-notes-for-safari-technology-preview-45/
-
[ Fuzzing ] Linux kernel driver fuzzing with automatic interface awareness, from BlackHat Europe 2017: https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers.pdf https://www.blackhat.com/docs/eu-17/materials/eu-17-Corina-Difuzzing-Android-Kernel-Drivers-wp.pdf
-
[ iOS ] Yesterday we pushed Pangu's "Analysis of the IOSurfaceRootUserClient port UAF vulnerability fixed in iOS 11.2"; a researcher has since published complete exploit code: https://github.com/Siguza/v0rtex/blob/master/v0rtex.m
-
[ macOS ] Security content of the macOS High Sierra 10.13.2 update: https://support.apple.com/en-us/HT208331
-
[ MalwareAnalysis ] (Not) All She Wrote - methods for analyzing malicious RTF documents: https://securityoversimplicity.wordpress.com/2017/11/23/not-all-she-wrote-part-3-rigged-rtf-documents/
-
[ Mobile ] Imaging locked Motorola devices via a bootloader exploit: https://articles.forensicfocus.com/2017/12/05/imaging-locked-motorola-devices-via-bootloader-exploit/
-
[ Mobile ] Attacks against GSMA's M2M Remote Provisioning, from BlackHat Europe 2017: https://www.blackhat.com/docs/eu-17/materials/eu-17-Meyer-Attacks-Against-GSMAS-M2M-Remote-Provisioning.pdf
-
[ Others ] Apple frequently needs usage data from users' devices, such as which buttons and emoji are used and which websites are visited, but this touches user privacy, so Apple built a system called Differential Privacy that obtains the data while avoiding leaking individual users' privacy: https://machinelearning.apple.com/docs/learning-with-privacy-at-scale/appledifferentialprivacysystem.pdf https://arxiv.org/pdf/1709.02753.pdf
-
[ Pentest ] C&C communication over WebSocket: https://pentestlab.blog/2017/12/06/command-and-control-websocket/
-
[ Processor ] How to hack a turned-off PC - running unsigned code in Intel ME, from BlackHat Europe 2017: https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
-
[ Processor ] Recovering the Huffman tables of Intel ME 11.x, from PTSecurity: http://blog.ptsecurity.com/2017/12/huffman-tables-intel-me.html
-
[ Tools ] sekey - SSH authentication using Touch ID / Secure Enclave: https://github.com/ntrippar/sekey
-
[ Tools ] jsvu - a JavaScript engine version updater open-sourced by Google Chrome Labs; with jsvu you no longer have to build each engine from source yourself every time. Supports Chakra, JavaScriptCore, SpiderMonkey and V8: https://github.com/GoogleChromeLabs/jsvu
-
[ Tools ] Microsoft has open-sourced a Linux version of the ProcDump tool, which can capture memory dumps of applications: https://github.com/Microsoft/ProcDump-for-Linux
-
[ Tools ] zbox - a privacy-focused embedded file system: https://github.com/zboxfs/zbox
-
[ Tools ] Cuckoo Sandbox 2.0.5 released, with improved support for analyzing Office DDE samples: https://cuckoosandbox.org/blog/205-office-dde
-
[ Tools ] git-all-secrets - a tool that leverages several open-source git search tools to capture sensitive data across all git repositories: https://github.com/anshumanbh/git-all-secrets
-
[ Virtualization ] Dissecting virtual memory: the stack, registers and assembly code: https://blog.holbertonschool.com/hack-virtual-memory-stack-registers-assembly-code/
-
[ Vulnerability ] Disclosure of an unauthenticated remote code execution vulnerability in Dasan Networks wireless routers: https://blogs.securiteam.com/index.php/archives/3552
-
[ Vulnerability ] Disclosure of an unauthenticated remote code execution vulnerability in Cisco WebEx Network Recording Player (CVE-2017-12372): http://www.zerodayinitiative.com/advisories/ZDI-17-933/
-
[ Windows ] Windows event log monitoring and a practical ELK log analysis platform deployment: http://www.ubersec.com/2017/12/03/monitoring-for-windows-event-logs-and-the-untold-story-of-proper-elk-integration/
-
[ Conference ] Some of the presentation materials from BlackHat Europe 2017, held over the past two days, have been made public: https://www.blackhat.com/eu-17/briefings.html
-
[ Industry News ] On the Steam gaming platform's install directory %APPDATA%\Steam, the BUILTIN\Users group has Full Control permissions: https://twitter.com/taviso/status/938210266520489984
-
[ MachineLearning ] XLearning - a scheduling system that supports multiple machine learning and deep learning frameworks: https://github.com/Qihoo360/XLearning/blob/master/README_CN.md
-
[ MalwareAnalysis ] A collection of malware analysis resources: https://malwareanalysisforums.com/topic/7/malware-analysis-resources-noobs-read-first
-
[ MalwareAnalysis ] Recam Redux - DeConfusing ConfuserEx: http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confuserex.html
-
[ MalwareAnalysis ] The Emotet downloader returns in force: https://securingtomorrow.mcafee.com/mcafee-labs/emotet-downloader-trojan-returns-in-force/
-
[ Vulnerability ] The Kovri I2P router has an out-of-bounds read vulnerability when processing Garlic messages; a specially crafted message can leak data from memory: https://hackerone.com/reports/291489