腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2018/05/25

[ Browser ] New features for extensions in the Windows 10 April 2018 Update： https://blogs.windows.com/msedgedev/2018/05/24/new-extension-features-april-2018-update-notifications-inprivate/
[ Browser ] Firefox 中的 CSP strict-dynamic 策略绕过漏洞详情(CVE-2018-5175): https://mksben.l0.cm/2018/05/cve-2018-5175-firefox-csp-strict-dynamic-bypass.html
[ Industry News ] Cobalt Strike 修复 PowerShell Shellcode 注入在 Win10 上无法运行的问题： https://blog.cobaltstrike.com/2018/05/24/powershell-shellcode-injection-on-win-10-v1803/
[ MalwareAnalysis ] 针对 VPNFilter 从图片 EXIF 元数据到 C2 服务器 IP 地址转换过程的分析： https://securelist.com/vpnfilter-exif-to-c2-mechanism-analysed/85721/
[ MalwareAnalysis ] Trendmicro 发现恶意 Edge 及 Chrome 扩展用来投递后门： https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-edge-and-chrome-extension-used-to-deliver-backdoor/
[ OpenSourceProject ] GNU glibc < 2.27 缓冲区溢出漏洞 POC (CVE-2018-11237) ： https://www.exploit-db.com/exploits/44750/
[ Popular Software ] Thunderbird S/MIME 证书替换攻击漏洞披露： https://bugzilla.mozilla.org/show_bug.cgi?id=1438949
[ ReverseEngineering ] 逆向工程学习课程（class 0 - class 10）： http://martin.uy/blog/projects/reverse-engineering/
[ SecurityAdvisory ] Red Hat Enterprise Linux 多款产品发布安全更新： https://access.redhat.com/errata/RHSA-2018:1726
[ Tools ] emu - 基于 unicorn 引擎的代码模拟器： https://github.com/5alt/emu
[ Tools ] 如何构建 VoIP 来电显示欺骗工具 Part 1: https://blog.rapid7.com/2018/05/24/how-to-build-your-own-caller-id-spoofer-part-1/
[ Virtualization ] Detecting Hypervisor Presence on Windows 10: https://revers.engineering/detecting-hypervisor-presence-on-windows-10/
[ Virtualization ] 深入理解虚拟化 Part2：VMWare 与基于二进制翻译的虚拟化： https://saferwall.com/blog/virtualization-internals-part-2-vmware-and-virtualization-using-binary-translation
[ Windows ] Electron Windows 协议处理中的 MITM/RCE 漏洞，绕过 CVE-2018-1000006 补丁： https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
[ Windows ] Windows 事件日志的恶意利用 - 存储 Payloads 与配置信息： https://medium.com/@5yx/windows-event-log-to-the-dark-side-storing-payloads-and-configurations-9c8ad92637f2

[ APT ] DarkHotel APT团伙新近活动的样本分析： http://www.freebuf.com/articles/system/171049.html
[ Crypto ] Bitcoin Gold(BTG)遭受51%攻击事件解析： https://nosec.org/?token=ftt0okzr63
[ Hardware ] Micropython之萝卜狗远程门禁控制系统： http://www.freebuf.com/articles/wireless/171406.html
[ iOS ] ZipperDown漏洞细节披露：https://mp.weixin.qq.com/s/X-CWgPFUTvlj_okcVL3gYg
[ MalwareAnalysis ] 基于区块链域名的僵尸网络病毒分析： http://www.freebuf.com/articles/blockchain-articles/172559.html

2018/05/25