腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2018/03/15

[ Android ] 利用 Frida 绕过Certificate Pinning ： https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/
[ Backdoor ] Diamorphine - 适用于 Linux Kernels 2.6.x/3.x/4.x 内核的 LKM rootkit： https://github.com/alex91ar/Diamorphine
[ Challenges ] Pwn2Own 2018 赛程： https://www.zerodayinitiative.com/blog/2018/3/14/welcome-to-pwn2own-2018-the-schedule
[ Detect ] 检测 PE 文件 RICH 头的异常: https://blog.kwiatkowski.fr/?q=en/rich-header
[ Forensics ] Regaxor 正则表达式模糊测试工具介绍： https://github.com/0xSobky/HackVault/wiki/Regaxor:-Fuzzing-Regexes-for-Fun-and-Not%E2%80%90So%E2%80%90Much-Profit
[ Hardware ] 29 种 USB 攻击方法介绍： https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/
[ MalwareAnalysis ] Tropic Trooper 团伙最新的攻击行动具有与以往不同的行为特征，趋势科技对此做了详细调查： https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/
[ Popular Software ] SAP NetWeaver AS JAVA CRM Log 注入导致的远程代码执行漏洞 POC（CVE-2018-2380）： https://github.com/erpscanteam/CVE-2018-2380
[ Tools ] AndHook - 一个轻量级的 Android hook 框架： https://github.com/rrrfff/AndHook
[ Tools ] uitkyk - 自定义 Android Frida 库，用于分析 Android 应用程序的恶意行为： https://github.com/brompwnie/uitkyk
[ Tools ] TPM Genie - Interposer Attacks Against the Trusted Platform Module Serial Bus： https://www.nccgroup.trust/us/our-research/tpm-genie-interposer-attacks-against-the-trusted-platform-module-serial-bus/?style=Cyber+Security
[ Tools ] arm_now - 帮助研究人员快速配置测试虚拟机的工具，支持多种 CPU 架构： https://github.com/nongiach/arm_now
[ Tools ] lazyrecon - 渗透测试前期情报自动化收集工具： https://github.com/nahamsec/lazyrecon
[ Tools ] Uber 开源的一款 adversarial simulation 工具 - Metta : https://medium.com/uber-security-privacy/uber-security-metta-open-source-a8a49613b4a
[ Vulnerability ] DocuTrac Office Therapy Installer 硬编码凭证以及加密SALT漏洞披露（CVE-2018-5551，CVE-2018-5552）： https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/
[ Vulnerability ] Appweb 认证绕过漏洞披露（CVE-2018-8715）： https://blogs.securiteam.com/index.php/archives/3676
[ Web Security ] Chrome XSS Auditor – SVG 绕过： https://brutelogic.com.br/blog/
[ Windows ] Windows 10 上与 Kali Linux (WSL) 桌面交互的方法： https://whitedome.com.au/re4son/voodoo-kali/

[ Linux ] KPTI补丁分析： https://mp.weixin.qq.com/s/PX2VpPO7ms3YhwikQ3Ngpg
[ Malware ] WannaMine来了？警惕“永恒之蓝”挖矿长期潜伏： http://www.freebuf.com/articles/network/164869.html
[ MalwareAnalysis ] .amnesia勒索病毒分析报告： http://blogs.360.cn/blog/amnesia%E5%8B%92%E7%B4%A2%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90%E6%8A%A5%E5%91%8A/
[ Windows ] 渗透技巧——获得Windows系统的远程桌面连接历史记录： https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E8%8E%B7%E5%BE%97Windows%E7%B3%BB%E7%BB%9F%E7%9A%84%E8%BF%9C%E7%A8%8B%E6%A1%8C%E9%9D%A2%E8%BF%9E%E6%8E%A5%E5%8E%86%E5%8F%B2%E8%AE%B0%E5%BD%95/
[ Windows ] 分析笔记：CVE-2017-0101 整数溢出漏洞： https://xiaodaozhi.com/exploit/70.html

2018/03/15