Tencent Xuanwu Lab Security Daily News
-
[ APT ] APT34 uses CVE-2017-11882 in a new targeted attack campaign against the Middle East: http://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
-
[ Cloud ] Microsoft leaked the TLS private key of a cloud ERP product: https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
-
[ Linux ] Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) DCCP socket use-after-free exploit (CVE-2017-8824): https://www.exploit-db.com/exploits/43234/
-
[ macOS ] On macOS 10.13.1, suppose an attacker can overwrite any file not protected by SIP, but the overwritten file ends up owned by a non-root user. How can that be turned into a privilege escalation? The author's answer: cron: https://m4.rkw.io/blog/macos-high-sierra-10131-insecure-cron-system.html
-
[ Operating System ] Brief analysis of an elevation-of-privilege vulnerability in Qnet on BlackBerry's QNX Unix-like real-time OS (CVE-2017-3891): https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet
-
[ Tools ] Shodanwave - information gathering and exploitation tool for Netwave IP cameras: https://github.com/evilsocketbr/shodanwave
-
[ Tools ] V3n0M-Scanner - a Python 3.6 based penetration-testing scanner: https://github.com/v3n0m-Scanner/V3n0M-Scanner
-
[ Virtualization ] A retrospective case study of VMware guest-to-host escape vulnerabilities, from BlackHat Europe 2017: https://www.blackhat.com/docs/eu-17/materials/eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities.pdf
-
[ Windows ] Process Doppelgänging - a new fileless technique, proposed by researchers, for malware to evade anti-virus. It abuses Windows NTFS transactions together with the Windows loader so that a malicious image runs in place of a legitimate process without the payload ever being committed to disk: https://thehackernews.com/2017/12/malware-process-doppelganging.html https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
-
[ Windows ] Palo Alto's analysis of an in-the-wild sample exploiting the Microsoft Equation Editor overflow vulnerability CVE-2017-11882: https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/
-
[ Windows ] Fox-IT's analysis of eventlogedit, the Windows Event Log removal tool in the NSA's DanderSpritz toolkit; the post also explains how to recover the log records the tool removed: https://blog.fox-it.com/2017/12/08/detection-and-recovery-of-nsas-covered-up-tracks/
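An added example, not code from the Fox-IT post or from the DanderSpritz tooling, that models the hiding trick the post describes: the tool does not wipe the target record, it enlarges the size field of the record that precedes it, so a parser that trusts declared sizes steps straight over the target while its bytes stay on disk. The EVTX layout here is simplified (record header and trailing size copy only, an ASCII placeholder standing in for the binary-XML body, no chunk header or checksums), the three-record log is constructed, and `hide_record` is this example's own simulation of the edit. Recovery scans each visible record's body for swallowed record headers and cross-checks the trailing size copy against the header.

```python
"""Detect and recover Windows EVTX records hidden by resizing their predecessor (added example)."""
import struct

# Simplified EVTX record: "**\0\0" magic, uint32 size, uint64 record id, uint64 FILETIME,
# event body (binary XML in a real log), then a trailing uint32 copy of size.
REC_MAGIC = b"\x2a\x2a\x00\x00"
HDR_FMT = "<4sIQQ"
HDR_LEN = struct.calcsize(HDR_FMT)  # 24 bytes
MIN_REC = HDR_LEN + 4               # header plus trailing size copy


def build_record(record_id, filetime, body):
    """Build one record; `body` is a placeholder for the binary-XML event payload."""
    size = HDR_LEN + len(body) + 4
    return struct.pack(HDR_FMT, REC_MAGIC, size, record_id, filetime) + body + struct.pack("<I", size)


def walk_records(chunk):
    """Yield (offset, size, record_id) the way a normal parser does: trust each declared size."""
    off = 0
    while off + HDR_LEN <= len(chunk):
        magic, size, rid, _ = struct.unpack_from(HDR_FMT, chunk, off)
        if magic != REC_MAGIC or size < MIN_REC or off + size > len(chunk):
            break
        yield off, size, rid
        off += size


def hide_record(chunk, index):
    """Simulate the edit on record `index` (>= 1): grow the header size of record index-1 so it
    swallows the target. The target's own bytes are left untouched (assumed, per the post)."""
    offsets = [off for off, _, _ in walk_records(chunk)]
    prev_off, target_off = offsets[index - 1], offsets[index]
    prev_size = struct.unpack_from("<I", chunk, prev_off + 4)[0]
    target_size = struct.unpack_from("<I", chunk, target_off + 4)[0]
    buf = bytearray(chunk)
    struct.pack_into("<I", buf, prev_off + 4, prev_size + target_size)
    return bytes(buf)


def find_hidden_records(chunk):
    """Return records a size-trusting parser never sees. For every visible record, flag a trailing
    size copy that disagrees with the header, and scan its body for complete swallowed records."""
    hidden = []
    for off, size, rid in walk_records(chunk):
        trailer = struct.unpack_from("<I", chunk, off + size - 4)[0]
        size_mismatch = trailer != size
        body_start, body_end = off + HDR_LEN, off + size
        pos = chunk.find(REC_MAGIC, body_start, body_end)
        while pos != -1 and pos + MIN_REC <= body_end:
            _, h_size, h_rid, _ = struct.unpack_from(HDR_FMT, chunk, pos)
            fits = MIN_REC <= h_size and pos + h_size <= body_end
            if fits and struct.unpack_from("<I", chunk, pos + h_size - 4)[0] == h_size:
                hidden.append({"offset": pos, "size": h_size, "record_id": h_rid,
                               "hidden_by": rid, "size_mismatch": size_mismatch})
                pos = chunk.find(REC_MAGIC, pos + h_size, body_end)
            else:
                pos = chunk.find(REC_MAGIC, pos + 1, body_end)  # false hit inside the body
    return hidden


def visible_ids(chunk):
    return [rid for _, _, rid in walk_records(chunk)]


# Constructed sample log: three logon/logoff events; the middle one is what an intruder wants gone.
BASE_FILETIME = 0x01D3700000000000          # arbitrary FILETIME, one second = 10_000_000 ticks
SAMPLE_RECORDS = [
    build_record(1, BASE_FILETIME, b"<Event><EventID>4624</EventID><User>alice</User></Event>"),
    build_record(2, BASE_FILETIME + 10_000_000, b"<Event><EventID>4624</EventID><User>attacker</User></Event>"),
    build_record(3, BASE_FILETIME + 20_000_000, b"<Event><EventID>4634</EventID><User>alice</User></Event>"),
]
CLEAN_CHUNK = b"".join(SAMPLE_RECORDS)
TAMPERED_CHUNK = hide_record(CLEAN_CHUNK, 1)

if __name__ == "__main__":
    print("visible before edit:", visible_ids(CLEAN_CHUNK))
    print("visible after edit :", visible_ids(TAMPERED_CHUNK))
    for h in find_hidden_records(TAMPERED_CHUNK):
        print("recovered:", h)
```

Against a real .evtx you would apply the same body scan per chunk (64 KiB chunks, each with its own header) and feed the recovered record bytes to an EVTX binary-XML parser; the point of the example is that a size-trusting parser shows record 2 as gone while its header and trailer are still intact where the predecessor's inflated size says "body".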