腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2018/07/26

[ Android ] Quarkslab 发现的三枚 Android 蓝牙组件漏洞详情(CVE-2018-9359, CVE-2018-9360, CVE-2018-9361): https://blog.quarkslab.com/a-story-about-three-bluetooth-vulnerabilities-in-android.html
[ Browser ] Pwn2Own 2018 Safari 漏洞利用 Part 5 之 Fuzzing macOS WindowServer 寻找可利用漏洞： http://blog.ret2.io/2018/07/25/pwn2own-2018-safari-sandbox/
[ Crypto ] awesome-crypto-papers - 一份关于密码学相关论文、教程等的收集列表： https://github.com/pFarb/awesome-crypto-papers
[ Debug ] 动态二进制插桩的原理和基本实现： http://deniable.org/reversing/binary-instrumentation
[ Forensics ] 如何从 DotNetToJScript 生成的 JScript 脚本中提取 PE 文件： https://blog.didierstevens.com/2018/07/25/extracting-dotnettojscripts-pe-files/
[ Industry News ] Exchange Server 2019 预览版： https://blogs.technet.microsoft.com/exchange/2018/07/24/exchange-server-2019-public-preview/
[ MachineLearning ] 神经图灵机 NTM 的实现(Paper) : https://arxiv.org/abs/1807.08518Code: https://github.com/MarkPKCollier/NeuralTuringMachine
[ macOS ] 新 macOS 取证方法，可查看系统在一个月前执行的进程记录: https://www.crowdstrike.com/blog/i-know-what-you-did-last-month-a-new-artifact-of-execution-on-macos-10-13/
[ MalwareAnalysis ] 针对印度的高级移动恶意软件活动中使用的恶意 MDM 系统分析 Part 2: https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM-Part2.html
[ MalwareAnalysis ] unit42 针对 OilRig group 组织近期活动的分析： https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/
[ Others ] Block Oriented Programming: Automating Data-Only Attacks： https://arxiv.org/pdf/1805.04767.pdf
[ Pentest ] .NET 进程注入技术介绍： https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc
[ Pentest ] 不使用 System.Reflection.Assembly 的. NET 反射加载方法: https://blog.netspi.com/net-reflection-without-system-reflection-assembly/
[ Pentest ] UNDER THE HOODIE 2018，来自 rapid7 的渗透测试经验与总结分享： https://www.rapid7.com/globalassets/_pdfs/research/rapid7-under-the-hoodie-2018-research-report.pdf
[ Popular Software ] Oracle 数据库反序列化提升权限漏洞详情披露(CVE-2018-3004)： http://obtruse.syfrtext.com/2018/07/oracle-privilege-escalation-via.html
[ Tools ] EvilOSX - macOS 系统远控木马： https://github.com/Marten4n6/EvilOSX
[ Tools ] fridump3 - 基于 Frida 实现的内存转储工具: https://github.com/rootbsd/fridump3
[ Tools ] MITRE ATT&CK 白皮书发布，含概背景、不同组件以及设计理念等多个方面： https://www.mitre.org/publications/technical-papers/mitre-attack-design-and-philosophy
[ Windows ] awesome-windows-domain-hardening - Windows 安全加固方向优秀资源收集： https://github.com/PaulSec/awesome-windows-domain-hardening
[ WirelessSecurity ] 蓝牙身份认证有些实现上没有检查椭圆曲线证书参数，可导致公钥证书注入和解密通讯数据： https://www.schneier.com/blog/archives/2018/07/major_bluetooth.html

[ APT ] 蓝宝菇(APT-C-12)最新攻击样本及C&C机制分析： http://www.freebuf.com/articles/system/178422.html
[ IoTDevice ] 看雪2018峰会回顾 | 智能设备漏洞挖掘中几个突破点： https://mp.weixin.qq.com/s/AXIoEwPTEX-CUekVXakyvw
[ IoTDevice ] 医疗设备安全调查报告，来自 ERNW： https://ernw.de/en/whitepapers/issue-66.html
[ Pentest ] 文件上传限制绕过技巧： https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf
[ Popular Software ] Jenkins 任意文件读取漏洞分析： https://mp.weixin.qq.com/s/T6s2yB92wTPiQnQ9FpJ3MQ
[ Tools ] hindsight - Google Chrome / Chromium 的历史访问记录取证工具： https://github.com/obsidianforensics/hindsight
[ Tools ] cred_scanner - 从文件中寻找 AWS 凭证的工具： https://github.com/disruptops/cred_scanner
[ Web Security ] 基于黑名单方法来验证用户输入的劣势，介绍与绕过案例: https://www.nccgroup.trust/uk/our-research/the-disadvantages-of-a-blacklist-based-approach-to-input-validation/
[ Web Security ] WebLogic 两处任意文件上传漏洞动态分析（CVE-2018-2894）： https://www.anquanke.com/post/id/152823

2018/07/26