Tencent Xuanwu Lab Security Daily News
-
[ APT ] Analysis of the Energetic Bear/Crouching Yeti APT group's watering-hole attacks against Turkish critical information systems: https://www.riskiq.com/blog/labs/energetic-bear/
-
[ APT ] Analysis report from CSE Malware ZLab on the Russian APT group APT28: http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v7.pdf
-
[ Browser ] The source code implementing top-level-domain filtering in Chrome; useful for understanding how TLD spoofing detection works and which Unicode characters are treated as dangerous: https://github.com/chromium/chromium/blob/998ff8fbb32cb0fdf1b6bdd9e885d2b1d7c48bbe/components/url_formatter/idn_spoof_checker.cc
-
[ Browser ] WebKit RCE exploit development (CVE-2017-2446): https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime/
-
[ Crypto ] A new type of attack on the Bitcoin mining protocol, research from Cornell University: https://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf
-
[ iOS ] A forensic exploration of iOS Health data, by Sarah Edwards: https://www.mac4n6.com/blog/2018/6/15/presentation-dfirfit-or-bust-a-forensic-exploration-of-ios-health-data-sans-dfir-summit
-
[ macOS ] Sarah Edwards' analysis of Apple's APFS file system; download link for the materials: http://for518.com/apfsworkshop
-
[ MalwareAnalysis ] The new banking trojan DanaBot is spreading via phishing emails themed as fake MYOB invoices: https://threatpost.com/danabot-trojan-targets-bank-customers-in-phishing-scam/133994/
-
[ MalwareAnalysis ] Kaspersky's 2014 report on the Crouching Yeti attacks, including analysis of backdoor software targeting industrial control systems and of watering-hole attacks: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080817/EB-YetiJuly2014-Public.pdf
-
[ MalwareAnalysis ] TrendLabs' analysis of recent in-the-wild exploit kit activity: https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-recent-exploit-kit-activities/
-
[ Others ] Spectre vulnerability detection on the ARM platform: https://2018.pass-the-salt.org/files/talks/05-spectre.pdf
-
[ Pentest ] Metasploitable 2 tutorial: using Metasploit to attack the dRuby RMI Server 1.8 software and achieve remote code execution: https://www.hackingtutorials.org/metasploit-tutorials/hacking-druby-rmi-server-1-8/
-
[ Popular Software ] Exploit code for an XML injection vulnerability in Microsoft Enterprise Mode Site List Manager: https://www.exploit-db.com/exploits/45026
-
[ ReverseEngineering ] The dangerous reality inside a VR headset: reverse engineering the HTC Vive: https://embedi.com/blog/dangerous-reality-inside-of-vr-headset-htc-vive/
-
[ SecurityProduct ] Exploit code for an XML injection vulnerability in Fortify Software Security Center (SSC) 17.x/18.1: https://www.exploit-db.com/exploits/45027
-
[ Tools ] An introduction to the differences between Veil Payloads and Veil-Ordnance: https://www.fortynorthsecurity.com/veil-payloads-and-veil-ordnance/
-
[ Tools ] Firebase - Exploiting Tool, a tool for attacking misconfigured Firebase databases: https://github.com/Turr0n/firebase
-
[ Tools ] A modified version of QEMU for emulating the XNU ARM64 kernel: https://github.com/zhuowei/qemu
-
[ Tools ] How to compile a PIN tool using VS2017: https://hshrzd.wordpress.com/2018/07/16/how-to-compile-a-pin-tool-using-visual-studio-2017/
-
[ Tools ] Visual Studio 2017 now supports the Azure Service Fabric Mesh tools: https://blogs.msdn.microsoft.com/visualstudio/2018/07/16/azure-service-fabric-mesh-tools-now-available-for-visual-studio-2017/
-
[ Tools ] mcsema - a binary translation tool that lifts machine code to LLVM intermediate representation and provides interface scripts for IDA and binninja: https://github.com/trailofbits/mcsema
-
[ Tools ] radiosonde_auto_rx - open-source radiosonde tracking software: https://github.com/projecthorus/radiosonde_auto_rx
-
[ Tools ] keyfinder - a tool for finding and analyzing private/public key files contained in file systems and Android APK files: https://github.com/CERTCC/keyfinder
-
[ Tools ] trommel - an automated script for searching embedded-device file systems for files and information that may pose security issues: https://github.com/CERTCC/trommel
-
[ Vulnerability ] Analysis of the DHCP client arbitrary code execution vulnerability (CVE-2018-1111): https://researchcenter.paloaltonetworks.com/2018/07/unit42-analysis-dhcp-client-script-code-execution-vulnerability-cve-2018-1111/
-
[ Web Security ] Discovering and exploiting SAML vulnerabilities: https://www.anitian.com/blog/owning-saml/
-
[ Windows ] Detecting Windows endpoint compromise with SACLs: https://medium.com/@cryps1s/detecting-windows-endpoint-compromise-with-sacls-cd748e10950
-
[ Windows ] Exploit code for the Windows POP/MOV SS local privilege escalation vulnerability: https://0day.today/exploits/30720
-
[ WirelessSecurity ] PoC for the Bluetooth vulnerability CVE-2018-9355: https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/commit/2e2f6568701c6c064d5167a41a1c8bc18dfd837e Fix information: https://android.googlesource.com/platform/system/bt/+/052b63d089d832d38d8e89e1baf25004d36b8308%5E%21/#F0
-
[ WirelessSecurity ] New TETRA Trunk Tracker for use with SDR and the TETRA Demodulator Plugin: https://www.rtl-sdr.com/new-tetra-trunk-tracker-for-use-with-sdr-and-the-tetra-demodulator-plugin/
-
[ WirelessSecurity ] A repository of free third-party GNU Radio applications: http://cgran.org/
-
[ Browser ] Google Chrome PDFium shading drawing integer overflow leading to remote code execution: http://blogs.360.cn/blog/google-chrome-pdfium-shading-drawing-%E6%95%B4%E6%95%B0%E6%BA%A2%E5%87%BA%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/
-
[ MalwareAnalysis ] Mailinator's anatomy of a spam campaign: https://mailinator.blogspot.com/2018/07/mailinatorcom-anatomy-of-spammy-campaign.html
-
[ MalwareAnalysis ] In-depth analysis of the new Android banking trojan MysteryBot: http://www.freebuf.com/articles/terminal/176925.html
-