腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] 了解 Android 应用程序中开放的端口:发现、诊断以及安全评估: https://daoyuan14.github.io/papers/NDSS19_OpenPort.pdf
-
[ Attack ] 攻击 Palo Alto Network 支持网站的记录: https://www.craigdods.com/hacking-into-palo-alto-networks-support-site-for-fun-and-no-attribution/
-
[ Browser ] Safari 技术预览版 72 发布 : https://webkit.org/blog/8547/release-notes-for-safari-technology-preview-72/
-
[ Browser ] Project Zero 对 VB 脚本引擎漏洞的研究分析: https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html
-
[ Browser ] Chrome 63.0 CSP Bypass: https://www.n0tr00t.com/2018/12/19/Chrome-63-0-CSP-Bypass.html
-
[ Browser ] Microsoft 修复了 Google 报告的针对性攻击中被用到的 IE 0day 漏洞(CVE-2018-8653) : 1) https://blogs.technet.microsoft.com/msrc/2018/12/19/december-2018-security-update-release-2/2) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653
-
[ Cloud ] 探索容器安全性:在 Google 云上使用新的托管基础映像进行漏洞修补: https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-let-google-do-the-patching-with-new-managed-base-images
-
[ Exploit ] 介绍二进制缓冲区溢出 Exploit : https://0xrick.github.io/BinaryExploitation-BOF/
-
[ MachineLearning ] 通过信号共享和机器学习解决网络钓鱼问题: https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/tackling-phishing-with-signal-sharing-and-machine-learning/
-
[ Malware ] 恶意代码可以通过使用 Virtual Machine tools 对虚拟机系统进行指纹识别: http://www.hexacorn.com/blog/2018/12/19/using-virtual-machine-tools-for-guest-os-fingerprinting/
-
[ MalwareAnalysis ] TrendMicro 发现 URSNIF, EMOTET, DRIDEX 以及 BitPaymer Gangs 使用了相似的加载器: https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/
-
[ Others ] VBScript VbsErase 中的引用泄漏,可导致 UAF(CVE-2018-8625),来自 Project Zero : https://bugs.chromium.org/p/project-zero/issues/detail?id=1668
-
[ Tools ] SharpNado - 一款针对 .NET 内存中动态执行 Payload 的工具: https://blog.redxorblue.com/2018/12/sharpnado-teaching-old-dog-evil-tricks.html
-
[ Vulnerability ] 自动化扫描潜在的 DCOM 漏洞: https://hackdefense.com/docs/automating-the-enumeration-of-possible-dcom-vulnerabilities-axel-boesenach%20v1.0.pdf
-
[ Vulnerability ] Golang TLS 双向身份验证拒绝服务漏洞分析(CVE-2018-16875): https://apisecurity.io/mutual-tls-authentication-vulnerability-in-go-cve-2018-16875/
-
[ Vulnerability ] .ENV 文件信息泄漏漏洞介绍: https://blog.binaryedge.io/2018/12/19/publicly-accessible-env-files/
-
[ Vulnerability ] 绕过 Gmail 双因素认证的攻击: https://twitter.com/josephfcox/status/1075391745502924801
-
[ Windows ] WinDbg 预览版 1.0.1812.12001 新的可扩展性接口介绍: https://blogs.msdn.microsoft.com/windbg/2018/12/19/windbg-preview-1-0-1812-12001-and-new-extensibility-interfaces/
-
[ Windows ] Microsoft 发布 Windows Sandbox ,可支持运行各种应用程序 : https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849
-
[ Windows ] 从 Pcap 文件中提取并破解 NTLMv2 Hash: https://research.801labs.org/cracking-an-ntlmv2-hash/
-
[ WirelessSecurity ] 操作信道验证已被加入 wpa_supplicant 以及 hostapd 开发版本中,用于防御无线网络下的多信道中间人攻击: https://twitter.com/i/web/status/1075083160629768193
-
-
[ Vulnerability ] ZDI 对 Microsoft Exchange 允许经过身份验证的用户冒充其它任意用户的漏洞分析(CVE-2018-8581) : https://www.zerodayinitiative.com/blog/2018/12/19/an-insincere-form-of-flattery-impersonating-users-on-microsoft-exchange