腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2018/10/29

[ Pentest ] 如何绕过 AMSI并执行任意恶意 PowerShell 代码： https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html
[ Programming ] 通过 Kotlin 编程语言进行 iOS 应用开发的详细介绍： https://akos.ma/books/Android_for_iOS_Devs_Kotlin_Ed_2018.html
[ Tools ] HasCase5.0.0 发布： https://hashcat.net/forum/thread-7903.html
[ Windows ] Schuyler Dorsey 对其 Win10 基础强化脚本进行更新，启用了 Windows Defender 沙盒功能： https://twitter.com/mackwage/status/1056249193038143488

[ Browser ] Chakra JIT Loop LandingPad ImplicitCall Bypass ： https://blogs.projectmoon.pw/2018/10/26/Chakra-JIT-Loop-LandingPad-ImplicitCall-Bypass/
[ Crypto ] 二十年以来对 RSA 密码系统攻击综述： https://paper.seebug.org/727/
[ Exploit ] X.Org Server 本地提权漏洞（CVE-2018-14665）使用 "-modulepath" 的一种利用方式： https://www.securepatterns.com/2018/10/cve-2018-14665-another-way-of.html
[ MalwareAnalysis ] 'Malware on Steroids Part 3: Machine Learning & Sandbox Evasion' ,针对恶意软件如何躲避沙盒分析的详细介绍： https://scriptdotsh.com/index.php/2018/10/27/malware-on-steroids-part-3-machine-learning-sandbox-evasion/
[ Operating System ] 获取系统命令执行记录的多种方法： http://www.hexacorn.com/blog/2018/10/27/process-monitoring-process-cmd-line-monitoring-data-sources/
[ Others ] 修补 nVidia GPU 驱动程序使其支持在 Linux 上进行热拔插： https://lab.whitequark.org/notes/2018-10-28/patching-nvidia-gpu-driver-for-hot-unplug-on-linux/
[ Pentest ] 从WebLogic看反序列化漏洞的利用与防御： https://cert.360.cn/report/detail?id=c8eed4b36fe8b19c585a1817b5f10b9e
[ Pentest ] 一键安装藏隐患，phpStudy 批量入侵的分析与溯源： https://mp.weixin.qq.com/s/XwBHG0xUgGxeBF1YLV46ng
[ SecurityProduct ] 绕过 Windows 上的 Cisco AMP : https://www.mdsec.co.uk/2018/10/cisco-amp-bypassing-self-protection/
[ Tools ] off-by-slash - 检测 Nginx off-by-slash 配置错误漏洞的 Burp 插件： https://github.com/bayotop/off-by-slash
[ Tools ] DoHC2 - 整合 ExternalC2 库使其支持 DoH C2 控制通道的项目： https://github.com/SpiderLabs/DoHC2
[ Tools ] Cortex 分析器现已支持超过 100 种分析标记: https://blog.thehive-project.org/2018/10/26/cortex-101-dissecting-observables-a-hundred-ways/
[ Tools ] my-arsenal-of-aws-security-tools - 开源 AWS 安全工具收集列表： https://github.com/toniblyx/my-arsenal-of-aws-security-tools
[ Windows ] Microsoft 宣布 Windows Defender Antivirus 已可运行在沙箱中： https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
[ Windows ] Windows Kerberos 委派机制详解： https://posts.specterops.io/another-word-on-delegation-10bdbe3cd94a
[ Windows ] 使用 Get-NetIPServerInfo 检索所有 Windows 服务器的 IP 配置： https://sid-500.com/2018/10/26/retrieve-the-ip-configuration-of-all-windows-servers-with-get-netipserverinfo/
[ Windows ] Windows PE文件格式展示： https://github.com/corkami/pics/blob/master/binary/pe101/README.md

2018/10/29