腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2018/08/13

[ Conference ] Defcon 26 上的议题及视频资料放出： https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/
[ Detect ] 入侵分析 Part 2：逃避防御： https://www.redcanary.com/blog/active-breach-evading-defenses/
[ macOS ] 通过 "组合" 鼠标点击实现对 macOS 的内核访问，来自 threatpost 报道： https://threatpost.com/def-con-2018-apple-0-day-reopens-door-to-synthetic-mouse-click-attack/134951/
[ Others ] 使用 PoolTag 识别主机指纹： https://labs.nettitude.com/blog/using-pooltags-to-fingerprint-hosts/
[ ReverseEngineering ] Histories of comparing binaries with source codes： http://joxeankoret.com/blog/2018/08/12/histories-of-comparing-binaries-with-source-codes/
[ SecurityProduct ] 绕过下一代防病毒软件： https://curtbraz.blogspot.com/2018/08/bypassing-next-gen-av-during-pentest.html
[ Tools ] WindowsDefenderTools - 对 Windows Defender mpengine.dll 进行逆向工程所开发的工具： https://github.com/0xAlexei/WindowsDefenderTools
[ Tools ] ExchangeRelayX - 针对 Exchange EWS 接口的 NTLM relay 工具： https://github.com/Quickbreach/ExchangeRelayX
[ Vulnerability ] Voracle - 对 VPN 隧道的 Compression Oracle 攻击，来自 BlackHat USA 2018： https://speakerdeck.com/skepticfx/voracle-compression-oracle-attacks-on-vpn-tunnels
[ Web Security ] Web 应用渗透测试视频教程收集: https://docs.google.com/document/d/101EsKlu41ICdeE7mEv189SS8wMtcdXfRtua0ClYjP1M/edit
[ Web Security ] 如何攻击 WebSockets 和 Socket.io： https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/
[ Windows ] SystemSettings.exe - 另一个用于加载DLL的自带应用： http://www.hexacorn.com/blog/2018/08/12/systemsettings-exe-yet-another-lolbin-for-loading-dlls/
[ Windows ] 绕过驱动签名强制检测，来自 DEFCON 26： https://github.com/theevilbit/workshops/blob/master/DSE%20Bypass%20Workshop/dc26%20-%20Csaba%20Fitzl%20-%20DSE%20Bypass%20Workshop%20-%20Presentation.pdf
[ Windows ] PrintDialog.exe – 另一个用于加载DLL的自带应用： http://www.hexacorn.com/blog/2018/08/11/printdialog-exe-yet-another-lolbin-for-loading-dlls/
[ WirelessSecurity ] 在Hexagon中旅行：解析高通基带，来自 DEFCON 26： https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Seamus-Burke-Journey-Into-Hexagon.pdf

[ IoTDevice ] 穿云拨雾：对特斯拉汽车网关、车身控制模块以及辅助驾驶(Autopilot)ECU 的渗透测试,来自 BlackHat USA 2018 : https://mp.weixin.qq.com/s/LFh5cxWKt0ev7E2OA_5_0g
[ Protocol ] Internet 上最重要的安全协议 TLS 1.3 更新，提供了更好的隐私性、安全性和性能： https://www.ietf.org/blog/tls13/
[ Tools ] concolic_execution - Linux 内核 Fuzz 工具发布: https://github.com/ww9210/Linux_kernel_exploits/tree/master/fuze/concolic_execution

2018/08/13