Tencent Xuanwu Lab Security Daily News
-
[ Android ] Inside Android's SafetyNet Attestation - an in-depth analysis of the Android SafetyNet Attestation protection mechanism: https://www.blackhat.com/docs/eu-17/materials/eu-17-Mulliner-Inside-Androids-SafetyNet-Attestation.pdf https://www.blackhat.com/docs/eu-17/materials/eu-17-Mulliner-Inside-Androids-SafetyNet-Attestation-wp.pdf
-
[ Android ] How Samsung secures your wallet - an offensive and defensive research report on Samsung Pay, from Xuanwu Lab researcher HC Ma's talk at BlackHat Europe 2017: https://www.blackhat.com/docs/eu-17/materials/eu-17-Ma-How-Samsung-Secures-Your-Wallet-And-How-To-Break-It.pdf
-
[ Android ] Janus - this month's Android patches fix a vulnerability affecting APK signature validity: it allows an attacker to modify an app without invalidating the APK's signature. The discoverers named it Janus (CVE-2017-13156): https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signature
-
[ Browser ] Chrome 63.0.3239.84 has been released; this update fixes a large number of vulnerabilities: https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
-
[ Fuzzing ] Mutiny Fuzzing Framework - the Talos team has open-sourced a framework for fuzzing network applications, which pairs with the Decept proxy for efficient fuzzing: http://blog.talosintelligence.com/2017/12/mutiny-decept.html
-
[ Industry News ] A keylogger was found on the admin login page of roughly 5,500 infected WordPress sites: https://www.bleepingcomputer.com/news/security/keylogger-found-on-nearly-5-500-infected-wordpress-sites/
-
[ iOS ] A vulnerability in iOS HomeKit smart-home products lets unauthorized users remotely unlock door locks; it is currently an unpatched 0day: https://9to5mac.com/2017/12/07/homekit-vulnerability/
-
[ iOS ] Yesterday we pushed the full exploit code that researcher v0rtex publicly released for the iOS 11.2 IOSurfaceRootUserClient port UAF vulnerability ( https://github.com/Siguza/v0rtex/blob/master/v0rtex.m ); today he has written a blog post discussing the bug: https://siguza.github.io/v0rtex/
-
[ IoTDevice ] Build your own portable secrets manager with a Raspberry Pi Zero and ARC: https://www.evilsocket.net/2017/12/07/DIY-Portable-Secrets-Manager-with-a-RPI-Zero-and-the-ARC-Project
-
[ MalwareAnalysis ] Trend Micro looks back on and analyzes the CONFICKER/DOWNAD banking trojan, which it has been monitoring for 9 years: http://blog.trendmicro.com/trendlabs-security-intelligence/conficker-downad-9-years-examining-impact-legacy-systems/
-
[ MalwareAnalysis ] Palo Alto researchers analyze the Boleto Mestre campaign targeting Brazil: https://researchcenter.paloaltonetworks.com/2017/12/unit42-master-channel-the-boleto-mestre-campaign-targets-brazil/
-
[ Others ] A dump of vulnerability data from the HackerOne/Bugcrowd platforms: a researcher stores HackerOne/Bugcrowd vulnerability reports offline on GitHub and updates them regularly: https://github.com/arkadiyt/bounty-targets-data
-
[ Others ] A guide to XML weaknesses and attacks: https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870
-
[ Others ] Import by Hash in x64 Assembly: https://emsea.github.io/2017/12/04/import-by-hash/
-
[ Pentest ] Penetration Testing Apache Thrift Applications: https://www.mdsec.co.uk/2017/12/penetration-testing-apache-thrift-applications/
-
[ Popular Software ] Office DDE has recently been used to launch code-execution attacks; Lastline researchers found from recent samples that, for Excel, attackers can also use the external link (Linked File Objects) feature, besides DDE, to launch a local CMD command: https://www.lastline.com/labsblog/when-scriptlets-attack-excels-alternative-to-dde-code-execution/
-
[ Processor ] An anatomy of the Intel ME engine's flash file system, from a Positive Technologies researcher's talk at BlackHat Europe 2017: https://www.blackhat.com/docs/eu-17/materials/eu-17-Sklyarov-Intel-ME-Flash-File-System-Explained.pdf https://www.blackhat.com/docs/eu-17/materials/eu-17-Sklyarov-Intel-ME-Flash-File-System-Explained-wp.pdf
-
[ Tools ] EasyCSRF - a BurpSuite extension for testing CSRF: https://github.com/0ang3el/EasyCSRF
-
[ Tools ] Using Sysinternals Sysmon to monitor suspicious process activity, from the Microsoft blog: https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-suspicious-activity-guide/
-
[ Windows ] What to do during Windows service privilege escalation when you lack permission to stop/restart the service: https://www.blackhillsinfosec.com/digging-deeper-vulnerable-windows-services/
-
[ Windows ] Microsoft yesterday unexpectedly pushed a patch urgently fixing an RCE vulnerability in the Malware Protection Engine (CVE-2017-11937): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937
-
[ WirelessSecurity ] BlueSteal - remotely unlocking Vaultek VT20i gun safes by exploiting Bluetooth vulnerabilities (CVE-2017-17435, CVE-2017-17436): https://www.twosixlabs.com/bluesteal-popping-gatt-safes/#top
-
[ Exploit ] Heap layout optimization techniques for exploitation in practice, from BlackHat Europe 2017: https://seanhn.files.wordpress.com/2017/12/eu-17-heelan-heap-layout-optimisation-for-exploitation1.pdf
-
[ Industry News ] A Google researcher says the security community has long been calling on Google to release an iPhone jailbreak exploit: https://motherboard.vice.com/en_us/article/d3xpyz/google-iphone-ios-jailbreak
-
[ Industry News ] Many banking apps are vulnerable to man-in-the-middle attacks: https://threatpost.com/banking-apps-found-vulnerable-to-mitm-attacks/129105/
-
[ IoTDevice ] How to jailbreak the Apple Watch, from BlackHat EU 2017: https://speakerdeck.com/mbazaliy/jailbreaking-apple-watch-1
-
[ MalwareAnalysis ] 2018 malware forecast: https://news.sophos.com/en-us/2017/11/02/2018-malware-forecast-ransomware-hits-hard-crosses-platforms/?cmp=701j0000001nd8sAAA
-
[ SCADA ] At BlackHat EU 2017, CyberX researchers demonstrated how specially crafted logic code injected into PLCs can transmit signals over the AM broadcast band, ultimately enabling remote intrusion into air-gapped industrial control systems: https://cyberx-labs.com/en/press-releases/cyberx-security-researchers-demonstrate-jump-icsscada-air-gap-black-hat-europe-2017/
-
[ Windows ] Licensed Memory in 32-Bit Windows Vista: http://www.geoffchappell.com/notes/windows/license/memory.htm
-