腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/01/14

PHR34K @unpacker

[ Attack ] BlackEnergy and the Ukraine: Signals vs. Noise http://blog.cylance.com/blackenergy-and-the-ukraine-signals-vs.-noise

"BlackEnergy 和乌克兰: 信号与噪声，来自 Cylance Blog： https://t.co/SSUnPCXk8O"
Rapid7 @rapid7

[ Attack ] We're sharing key findings from our Incident Detection & Response survey [BLOG]: http://bit.ly/1OqR913 #DFIR https://t.co/hnTsLJeJcR

"来自 Rapid7 的《2015 年应急事件检测、响应调查报告》 https://t.co/hnTsLJeJcR https://t.co/ElFLFvplmi #DFIR"
Unit 42 @Unit42_Intel

[ Attack ] #Unit42 takes a closer look at recent holiday season-themed attacks http://bit.ly/1P8NaFV

"Palo Alto 带大家看看最近一些假期主题的攻击，尽管是假期，但攻击者没有停歇： https://t.co/xfePnF3pRS"
Exploit Database @exploitdb

[ Browser ] [dos] - Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of Service: Internet Explo... http://bit.ly/1ZukzWH

"Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement 拒绝服务 PoC： https://t.co/Bx7dhWuAra"
Microsoft Edge Dev @MSEdgeDev

[ Browser ] ChakraCore GitHub repository is now open https://blogs.windows.com/msedgedev/2016/01/13/chakracore-now-open/

"Chakra JavaScript 引擎的核心组件 ChakraCore 开源了： https://t.co/CZGh3eT3cs Github Repo： https://github.com/Microsoft/ChakraCore "
Enno Rey @Enno_Insinuator

[ Device ] Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air #staticcredentialssurewhynot

"Cisco Aironet 1800 系列接入点设备存在默认账户密码漏洞，攻击者可以远程登陆设备： https://t.co/sIf4jlncVz "
Kimberly @StopMalvertisin

[ Exploit ] Microsoft SRD | Triaging the exploitability of IE/EDGE crashes http://bit.ly/1PViSJM

"评估 IE/Edge 崩溃的可利用性，来自微软 SRD Blog： https://t.co/yqBcJkRvOF"
Yakup Korkmaz @likeitcool

[ Forensics ] Introduction to DFIR: http://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/ #DFIR @ sroberts

"DFIR（数字取证和应急响应）入门，介绍了一些应急相应、取证方面的工具和技巧，来自 sroberts 的 Blog： https://t.co/of0Tb9iDS8"
Nicolas Krassas @Dinosn

[ Fuzzing ] Hacking for Charity: Automated Bug-finding in LibOTR http://blog.trailofbits.com/2016/01/13/hacking-for-charity-automated-bug-finding-in-libotr

"为慈善事业 Hacking: 自动化寻找 LibOTR 的漏洞， LibOTR 是一个流行的加密消息传输库： https://t.co/DoMRJgv7fw"
Quequero @quequero

[ Fuzzing ] afl-fuzz-js a porting of afl fuzzer for javascript: https://github.com/tunz/afl-fuzz-js

"afl-fuzz-js - AFL-Fuzz 的 JavaScript 移植版: https://t.co/6nUAW3sQje"
Giuseppe `N3mes1s` @gN3mes1s

[ Linux ] A type-safe and zero-allocation library for reading and navigating ELF files in Rust - http://www.ncameron.org/blog/a-type-safe-and-zero-allocation-library-for-reading-and-navigating-elf-files/

"一个类型安全和零内存分配的 ELF 解析、导航库， Rust 语言编写： https://t.co/KduYwKWUIf"
TrendLabs @TrendLabs

[ Malware ] Spammers are using #DavidBowie to bypass #spam filters: http://bit.ly/1KcO1Uz https://t.co/yKxnxJkgxD

"垃圾邮件发送者正在使用 DavidBowie（著名摇滚明星）绕过垃圾邮件过滤器： https://t.co/yKxnxJkgxD https://t.co/WHUqTYObKB"
c0d3inj3cT @c0d3inj3cT

[ Malware ] #Nanocore and AutoIT Cryptor Unpacking and Deobfuscation: http://goo.gl/tjT1Hc cc: @ Xylit0l @ PhysicalDrive0

"Nanocore 与 AutoIT 加密壳样本的解压缩: https://t.co/ywsrzPwnyK "
PhysicalDrive0 @PhysicalDrive0

[ Malware ] #TeslaCrypt Ransomware 3.0 https://malwr.com/analysis/YmE4MmUwZDNhMzVlNGI0ZjkxNTg3MTBiZjI3NDU5NTI/

"勒索软件 TeslaCrypt 3.0 在 Malwr 系统中的动态分析结果： https://t.co/6OjuRM8UHX "
Decalage @decalage2

[ Malware ] Unmasking Malfunctioning Malicious Documents: http://decalage.info/malformed_maldocs - featuring @ hahn_katja @ DidierStevens @ PayloadSecurity and oletools

"分析故障的恶意文档，来自 decalage Blog: https://t.co/wRD15cTEUv"
Frank Denis @jedisct1

[ Malware ] Toolkit for ZeroAccess/Sirefef v3 https://github.com/hfiref0x/ZeroAccess

"ZeroAccess/Sirefef v3 Toolkit： https://t.co/mhRHyVnwkm "
Nicolas Krassas @Dinosn

[ Network ] Flexible, secure SSH with DNSSEC https://blog.cloudflare.com/flexible-secure-ssh-with-dnssec/

"借助 DNSSEC，搭建灵活、安全的 SSH 服务： https://t.co/TTgPOyxyNz"
Nicolas Krassas @Dinosn

[ Network ] HTTP Evasions Explained 9 - How to fix the inspection bypasses http://noxxi.de/research/http-evader-explained-9-how-to-fix.html

"HTTP 逃逸系列 9 - 如何绕过应用层的检查： https://t.co/G3iTfRM6LQ"
PHR34K @unpacker

[ Others ] Android.Bankosy: All ears on voice call-based 2FA http://www.symantec.com/connect/ko/blogs/androidbankosy-all-ears-voice-call-based-2fa

"Android Bankosy 恶意软件截获基于语音呼叫的两步认证信息，基于语音的两步认证系统是在一次一密短信认证的基础上的增强版，之前恶意软件通过转发 OTP（一次一密）短信绕过认证，现在攻击者已经实现了语音呼叫的转发： https://t.co/1CLxA0UAT8"
Nicolas Krassas @Dinosn

[ Pentest ] BSQLinjector - Blind SQL Injection Exploitation Tool http://www.kitploit.com/2016/01/bsqlinjector-blind-sql-injection.html

"BSQLinjector - SQL 盲注攻击工具，Ruby 语言编写： https://t.co/34pyn4S2kv"
Nicolas Krassas @Dinosn

[ Popular Software ] ZDI-16-010: Adobe Acrobat Reader DC Search Query Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-010/

"Adobe Acrobat 阅读器搜索查询 UAF RCE（ZDI-16-010），来自 ZDI 公告: https://t.co/1tWaiHuESB"
Nicolas Krassas @Dinosn

[ Popular Software ] ZDI-16-017: Adobe Reader Graphics State Parameter Dictionary Double Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-017/

"Adobe 阅读器图形状态参数字典 Double Free RCE（ ZDI-16-017），来自 ZDI 公告: https://t.co/nI9ENgGOBn"
Nicolas Krassas @Dinosn

[ Popular Software ] ZDI-16-016: Adobe Reader DC AGM Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-16-016/

"Adobe 阅读器 agm.dll UAF RCE（ZDI-16-016），来自 ZDI Blog: https://t.co/yEWte2p94T"
PythonArsenal @PythonArsenal

[ ReverseEngineering ] Enoki - Wrapper class for IDAPython. Regroups various useful functions for reverse engineering of binaries. https://github.com/InfectedPacket/Idacraft

"Enoki - IDAPython 的封装类库，在 IDAPython 的基础上为逆向提供了一些有用的工具函数： https://t.co/LDChOceRjI"
Nicolas Krassas @Dinosn

[ Tools ] Benchmarking Windows Packet-Capture Methods http://blog.nektra.com/main/2016/01/12/benchmarking-windows-packet-capture-methods/

"Windows 网络数据包捕获库性能比较，比较 WinPcap、NDIS 6.0、WFP 的性能： https://t.co/jG3aB9NNqW"
Robert Rodriguez @RobInfoSecInst

[ Tools ] 20 Popular Wireless Hacking Tools [updated for 2016] http://goo.gl/P3Rdnu #Hacking #BruteForceAttacks #WiFiAttacks

"20 个流行的无线 Hacking 工具，来自 InfoSec Blog： https://t.co/FyWXBrWQqa"
Anton Ivanov @antonivanovm

[ Vulnerability ] #Silverlight CVE-2016-0034 memory corruption vulnerability. Detailed analysis - https://securelist.com/blog/research/73255/the-mysterious-case-of-cve-2016-0034-the-hunt-for-a-microsoft-silverlight-0-day/ https://t.co/cjv9FWa0vS

"CVE-2016-0034 的神秘故事 - Kaspersky 是如何根据 HackingTeam 泄露的邮件捕获到 Silverlight 0Day 的 https://t.co/cjv9FWa0vS https://t.co/jiawpOM2Ss"
Exploit Database @exploitdb

[ Vulnerability ] [dos] - Microsoft Office / COM Object DLL Planting with WMALFXGFXDSP.dll (MS-16-007): Microsoft Office / COM O... http://bit.ly/1ZukAd7

"Microsoft Office OLE WMALFXGFXDSP.dll DLL 劫持漏洞(MS-16-007，CVE-2016-0016): https://t.co/uXAleUxWWl "
Matt Graeber @mattifestation

[ Windows ] WMI attack and real-time detection examples from my #bluehat talk https://gist.github.com/mattifestation/2828e33c4fe9655fd907 https://gist.github.com/mattifestation/fa2e3cea76f70b1e2267

"WMI 攻击和实时检测，来自 Matt Graeber 在 BlueHat 2016 会议上的演讲，实例代码： https://t.co/b3pGPBuPtv https://t.co/fRUjKWurS3"
Exploit Database @exploitdb

[ Windows ] [dos] - Microsoft Windows devenum.dll!DeviceMoniker::Load() - Heap Corruption Buffer Underflow (MS16-007): Mic... http://bit.ly/1W7Yp72

"Windows devenum.dll!DeviceMoniker::Load() 堆破坏缓冲区下溢 (MS16-007，CVE-2016-0015): https://t.co/2rxWT4dbI1"

2016/01/14