Tencent Xuanwu Lab Security Daily News
-
[ Android ] Fighting back against the attackers: reverse engineering a malicious app to obtain access to the attacker's server: https://asaf.me/2018/07/23/attacking-the-attackers/
-
[ Crypto ] Security audit of the Dharma smart contracts, by the ZeppelinOrg team: https://blog.zeppelin.solutions/dharma-audit-2f1386455688
-
[ Exploit ] The author shares several technical articles on ROP and ret2libc written while solving CTF challenges: https://tuonilabs.wordpress.com/
-
[ Forensics ] Splitting and merging PCAP files: https://blog.packet-foo.com/2018/07/pcap-split-and-merge/
-
[ Hardware ] Quarkslab's detailed introduction to TrustZone, together with its attack surface and some related attack methods. Part 2: https://blog.quarkslab.com/attacking-the-arms-trustzone.html Part 1: https://blog.quarkslab.com/introduction-to-trusted-execution-environment-arms-trustzone.html
-
[ Language ] On the history, overview, design rationale and use cases of the Falcon intermediate language: http://reversing.io/posts/the-il-nop/
-
[ MachineLearning ] Detecting ROP payloads with deep neural networks (Paper): https://arxiv.org/abs/1807.11110
-
[ Malware ] Attackers pose as legitimate users on the AdsTerra online advertising platform to distribute malicious ads with embedded exploits to victims: https://threatpost.com/complex-malvertising-scheme-impacts-multiple-levels-of-web-economy/134579/
-
[ MalwareAnalysis ] Detecting malicious PowerShell code hidden inside certificate files, Part 1: https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/
-
[ MalwareAnalysis ] The Cobalt Gang launches attacks using carefully crafted malicious emails; Cisco Talos has published an analysis: https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html
-
[ MalwareAnalysis ] An investigation into the Andariel group's attack activity between 2014 and 2018: https://www.slideshare.net/JackyMinseokCha/from-stealing-confidential-data-to-revenuegenerating-attacks
-
[ MalwareAnalysis ] Investigative analysis report on the SamSam ransomware: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf
-
[ MalwareAnalysis ] Unit 42 recently discovered a Bisonal variant attacking companies in Russia and South Korea, and has analyzed it: https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/
-
[ MalwareAnalysis ] McAfee's analysis of the GandCrab ransomware: https://securingtomorrow.mcafee.com/mcafee-labs/gandcrab-ransomware-puts-the-pinch-on-victims/
-
[ Mobile ] A survey of the risks introduced by mobile technology in healthcare environments; the authors focus their investigation on Epic Rover, a mobile app used to manage medication systems (Paper): https://arxiv.org/abs/1807.11086
-
[ Network ] Learning network packet analysis with the help of data science: https://secdevops.ai/learning-packet-analysis-with-data-science-5356a3340d4e
-
[ Obfuscation ] Identifying and obfuscating social media users using metadata (Paper): https://www.ucl.ac.uk/~ucfamus/papers/icwsm18.pdf
-
[ Protocol ] The article explains how to read a protocol specification: https://www.mnot.net/blog/2018/07/31/read_rfc
-
[ SecurityReport ] Foreign economic espionage in cyberspace (Paper): https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf
-
[ Tools ] ida_ifl - an IDA plugin that supports loading TAG files generated by tools such as PE-sieve and PEBear: https://github.com/hasherezade/ida_ifl/issues/6
-
[ Tools ] Obtaining the virus signature list of antivirus software: https://twitter.com/mattifestation/status/1024315921400131589
-
[ Tools ] SafeText - a script that removes homoglyph and zero-width characters so that documents from anonymous sources can be distributed safely: https://github.com/DavidJacobson/SafeText
-
[ Windows ] A series on monitoring and researching the execution of WOW64 applications: https://www.sentinelone.com/blog/now-stage-deep-hooks-monitoring-native-execution-wow64-applications/
-
[ Windows ] PowerShell Core 6.1 continues to expand its coverage of Windows modules: https://blogs.msdn.microsoft.com/powershell/2018/07/31/increased-windows-modules-coverage-with-powershell-core-6-1/
-
[ Windows ] Notes on Windows privilege escalation: http://memorycorruption.org/windows/2018/07/29/Notes-On-Windows-Privilege-Escalation.html