腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2018/09/14

[ APT ] FireEye 对 APT10 组织攻击日本媒体行业的分析报告： https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html
[ Detect ] 检测 Kerberoasting 攻击活动: https://www.trimarcsecurity.com/single-post/TrimarcResearch/Detecting-Kerberoasting-Activity
[ Forensics ] Linux 内存取证：解析用户空间进程堆: https://www.sciencedirect.com/science/article/pii/S1742287617301895
[ Industry News ] 42M 用户密码文件被上传至 kayo.moe : https://www.troyhunt.com/the-42m-record-kayo-moe-credential-stuffing-data/
[ Industry News ] ASP.NET Core 2.2.0 preview 2 发布: https://blogs.msdn.microsoft.com/webdev/2018/09/12/asp-net-core-2-2-0-preview2-now-available/
[ iOS ] iOS 漏洞 CVE-2018-4330 的 POC： https://github.com/omerporze/toothfairy: https://github.com/omerporze/toothfairy
[ Linux ] Alpine Linux apk 包管理器远程代码执行漏洞详情披露: https://justi.cz/security/2018/09/13/alpine-apk-rce.html
[ MalwareAnalysis ] 通过 MHT 网页文件传播的恶意软件分析: https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/
[ MalwareAnalysis ] Kodi 媒体播放器第三方插件被用于加密货币挖矿活动，来自 ESET 的分析： https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
[ Others ] 如何防御 NodeJS 中的不安全跳转： https://blog.hailstone.io/how-to-prevent-unsafe-redirects-in-node-js
[ Others ] ELF 文件格式详解 Part 1, ELF 头： http://blog.k3170makan.com/2018/09/introduction-to-elf-format-elf-header.html
[ Pentest ] 使用 Digispark 和 Duck2Spark 打造廉价 USB 橡皮鸭： https://medium.com/@tomac/low-cost-usb-rubber-ducky-pen-test-tool-for-3-using-digispark-and-duck2spark-5d59afc1910
[ Pentest ] AppLocker 自定义规则绕过： https://0x09al.github.io/security/applocker/bypass/custom/rules/windows/2018/09/13/applocker-custom-rules-bypass.html
[ Vulnerability ] 使用 SeCreateTokenPrivilege 对 STOPzilla AntiMalware 任意写漏洞进行利用: http://www.greyhathacker.net/?p=1025
[ Vulnerability ] Apache Portals Pluto 3.0.0 - 远程代码执行漏洞披露（CVE-2018-1306）： https://www.exploit-db.com/exploits/45396/
[ Vulnerability ] 来自 ZDI 对 Advantech WebAccess Node 中一个命令注入漏洞（CVE-2018-10589）的详细分析： https://www.zerodayinitiative.com/blog/2018/9/13/pivot-pivot-reaching-unreachable-vulnerable-code-in-industrial-iot-platforms

[ Blockchain ] blockwell.ai KYC Casper Token “牛皮癣广告” 事件分析: https://paper.seebug.org/700/
[ Popular Software ] Wireshark CoAP Dissector 拒绝服务漏洞披露（CVE-2018-14367）: https://tools.cisco.com/security/center/viewAlert.x?alertId=58912
[ SecurityReport ] 无文件攻击技术分析报告,来自 symantec : https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf
[ Windows ] windows10 下的堆结构及 unlink 分析: https://mp.weixin.qq.com/s/3gG3vy1a3VLEN9kDDxQVPQ

2018/09/14