Tencent Xuanwu Lab Security Daily News
-
[ Android ] Stats on Android device security from @duosec's service: https://duo.com/blog/duo-analytics-android-device-security-article
"Duo Security's data analysis of Android device security: https://t.co/NUMAm5F14D"
-
[ Attack ] New blog post: Angler Exploit Kit's January Vacation http://wp.me/p6xdcg-fy
"Did the Angler Exploit Kit take a vacation in January? Its activity dropped sharply. From the F-Secure Blog: https://t.co/Ymw7CvYrex"
-
[ Browser ] New post: Trend Micro Continues Protection for Older Versions of Internet Explorer http://bit.ly/1Po7AL1 @TrendMicro
"After Microsoft ended support for IE8, IE9 and IE10, Trend Micro will continue to protect IE users through its own products: https://t.co/EcgCyrx5R3"
-
[ Forensics ] Infected Memory Dumps to Practice Memory Forensics With : https://code.google.com/p/volatility/wiki/PublicMemoryImages
"Some publicly available memory images of malware-infected systems, useful for practicing memory forensics: https://t.co/9VBhHJU9zp"
-
[ Hardware ] 1D barcode attack technique (Badbarcode) http://drops.wooyun.org/tips/12183
"1D barcode attack technique (Badbarcode), from Wooyun Drops, written by 数据流 of 伏宸安全实验室: https://t.co/rPmtI2JujF"
-
[ Linux ] Analysis and PoC for #Linux #Kernel privilege escalation vulnerability CVE-2016-0728 http://bit.ly/1QbIqCx https://t.co/Osp4s03I4O
"Analysis and exploitation (with PoC) of the Linux kernel keyrings local privilege escalation vulnerability (CVE-2016-0728), from the Perception Point Blog: https://t.co/Osp4s03I4O https://t.co/fJBFN3p25A"
-
[ Linux ] 2015 Linux kernel CVE list: http://www.openwall.com/lists/kernel-hardening/2016/01/19/1
"CVE list of Linux kernel vulnerabilities from 2015, from an Openwall announcement: https://t.co/lzJbPluEoz"
-
[ Linux ] Linux eBPF stack trace hack: http://www.brendangregg.com/blog/2016-01-18/ebpf-stack-trace-hack.html cc: @brendangregg
"A small trick to get eBPF stack traces working on Linux; eBPF refers to the extensible Berkeley Packet Filter: https://t.co/omJya74Vx9"
-
[ Mac OS X ] slides from my @shmoocon talk: "Gatekeeper Exposed" [PDF] https://www.synack.com/wp-content/uploads/2016/01/GatekeeperExposed.pdf #GatekeeperBypass #PatchFail #shmoocon2016 #Synack
"GateKeeper Exposed. GateKeeper is the malware-checking component built into OS X. These slides are from patrickwardle's talk at Shmoocon 2016, which covers GateKeeper's technical principles, vulnerabilities and bypass methods. PDF: https://t.co/GSvDbIekWa"
-
[ Others ] Understanding the Co-Evolution of Cyber Defenses and Attacks to Achieve Enhanced Cybersecurity https://www.nsa.gov/ia/_files/JIW14_217May2015.pdf#page=25
"Journal of Information Warfare, April 2015 issue: https://t.co/WnMejk5Ss4"
-
[ Others ] 《书安》 (Shu'an) Issue 5 - http://down.jdsec.com/secbook-5/%E4%B9%A6%E5%AE%89-%E7%AC%AC%E4%BA%94%E6%9C%9F.pdf
"《书安》 (Shu'an) magazine, Issue 5 - 《黑科技》 ('Black Tech'): https://t.co/xW0ST43Frx"
-
[ Popular Software ] [CORE-2016-0001] - Intel Driver Update Utility MiTM http://goo.gl/fb/FEizQu #FullDisclosure
"Intel Driver Update Utility man-in-the-middle hijacking vulnerability (CVE-2016-1493), discovered by Core Security. Full Disclosure advisory: https://t.co/wPaNJFgdHZ"
-
[ Popular Software ] Adobe Reader/Acrobat Pro Privilege Escalation (CVE-2015-5090): http://warchest.fusionx.com/cve-2015-5090-adobe-readeracrobat-pro-privilege-escalation/ https://t.co/Jmm6rHw9N3
"Exploitation of the Adobe Reader/Acrobat Pro sandbox escape vulnerability (CVE-2015-5090). The vulnerability lies in Adobe Reader's automatic update service (AdobeARMService): during an update, the service reads its parameters from a block of shared memory, but unprivileged processes are also allowed to overwrite that memory. ZDI's exploitation method rewrites this memory to control the parameters passed to AdobeARMHelper.exe, ultimately overwriting AdobeARM.exe with an Adobe binary so that a malicious PDF document is subsequently loaded with high privileges and drops a DLL to a local path, completing the attack. The author of this blog post shares several different attack methods. From the FusionX Blog: https://t.co/QnEYm5MIIX"
-
[ ReverseEngineering ] Malware Analysis Tutorials : A Reverse Engineering Approach : http://fumalwareanalysis.blogspot.in/p/malware-analysis-tutorials-reverse.html?m=1
"Malware analysis tutorials (reverse engineering), 34 chapters in total, from Dr. Fu's blog: https://t.co/cHvA3yS1xg"
-
[ ReverseEngineering ] List of Free Reverse Engineering Tools : https://wiremask.eu/articles/free-reverse-engineering-tools/
"List of free reverse engineering tools: https://t.co/Kn1NIVXDpm"
-
[ ThirdParty ] Technical analysis of private key theft via OpenSSH CVE-2016-0777 - http://blogs.360.cn/blog/openssh-cve-2016-0777%E7%A7%81%E9%92%A5%E7%AA%83%E5%8F%96%E6%8A%80%E6%9C%AF%E5%88%86%E6%9E%90/
"Technical analysis of private key theft via OpenSSH CVE-2016-0777, from the 360 Blog, written by au2o3t of the Cloud Security Team: https://t.co/vkcJWmOKkg"
-
[ Tools ] Just released AdEnumerator PowerShell module that's awesome for enumerating Active Directory from non-domain systems https://github.com/chango77747/AdEnumerator
"Script for enumerating Active Directory from non-domain-joined systems: https://t.co/O5h5WKo3pi"
-
[ Tools ] Some useful volatility plugins , (Mon, Jan 18th) https://isc.sans.edu/diary.html?storyid=20623&rss
"Some useful plugins for the memory forensics framework Volatility: https://t.co/d0n8vyd4Ft"
-
[ Tools ] Windows Prefetch parser in C#. All OS from XP to Win10 supported. GUI and Cmdline tools to be released soon! https://github.com/EricZimmerman/Prefetch #DFIR
"Windows Prefetch parser, written in C#, supporting all versions from Windows XP to Windows 10: https://t.co/wc1XBltFBE"
-
[ Tools ] Enumerating Excluded AntiVirus Locations http://securitypadawan.blogspot.com/2016/01/enumerating-excluded-antivirus-locations.html
"Enumerating anti-virus 'exclusion' folders; files under these excluded paths are not scanned by the AV software: https://t.co/mgxBHFLTsC"
-
[ Web Security ] A small case study on investigating webshell compromise: https://dfir.it/blog/2016/01/18/webshells-every-time-the-same-story-dot-dot-dot-part2/ #DFIR
"DFIR's analysis of webshells - 'Every time the same story', Part 2: https://t.co/gIOFcEo78g Part 1: https://dfir.it/blog/2015/08/12/webshell-every-time-the-same-purpose/"
-
[ Web Security ] How I Stole Plunker Session Tokens with an Angular Expression Injection https://royaljay.com/security/angular-expression-injections/
"How I stole Plunker session tokens through Angular expression injection; Plunker is an online collaborative editing platform: https://t.co/TctWsRxRad"
-
[ Web Security ] Telegram (API) - Cross Site Request Forgery Vulnerabilities : http://www.vulnerability-lab.com/get_content.php?id=1648
"Cross-site request forgery vulnerabilities in the instant messaging service Telegram (API): https://t.co/khbXw76p2x"
-
[ Web Security ] Chrome extension for CSRF testing. http://yelgroup.github.io/Yel-CSRF-tool/
"Chrome extension for testing CSRF vulnerabilities: https://t.co/09X2TO70vZ"
-
[ Windows ] More Registry Fun http://windowsir.blogspot.com/2016/01/more-registry-fun.html
"Hiding malware in the registry using the Unicode RLO control character: https://t.co/P0aCgQuanG"