Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android ADB Debug Server Remote Payload Execution https://packetstormsecurity.com/files/135370/adb_server_exec.rb.txt
"Android ADB debug server remote payload execution, Metasploit module: https://t.co/5yXCiDOBzP"
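The module above targets an ADB daemon reachable over the network. As an added example (not code from the digest or from the Metasploit module), the following Python implements the ADB wire-protocol framing from adb's protocol.txt and uses it to probe a host: if the daemon answers a CNXN with its own CNXN banner it accepts sessions without RSA authentication, which is the condition such a module relies on. The in-process "fake device" is a constructed stand-in so the probe can be run offline; host and port in the usage are assumptions.

```python
import socket
import struct
import threading

# ADB message commands (little-endian ASCII tags) and handshake constants, per protocol.txt.
A_CNXN = 0x4E584E43  # "CNXN"
A_AUTH = 0x48545541  # "AUTH"
A_OPEN = 0x4E45504F  # "OPEN"
A_OKAY = 0x59414B4F  # "OKAY"
A_WRTE = 0x45545257  # "WRTE"
A_CLSE = 0x45534C43  # "CLSE"
A_VERSION = 0x01000000
MAX_PAYLOAD = 4096
# Header: command, arg0, arg1, data_length, data_checksum, magic (command ^ 0xffffffff)
HEADER = struct.Struct("<6I")


def pack_message(command: int, arg0: int, arg1: int, data: bytes = b"") -> bytes:
    """Serialise one ADB message: 24-byte header followed by the payload."""
    header = HEADER.pack(command, arg0, arg1, len(data),
                         sum(data) & 0xFFFFFFFF, command ^ 0xFFFFFFFF)
    return header + data


def unpack_message(raw: bytes):
    """Parse header+payload, rejecting anything whose magic or checksum does not match."""
    if len(raw) < HEADER.size:
        raise ValueError("short header")
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(raw)
    if magic != (command ^ 0xFFFFFFFF):
        raise ValueError("bad magic")
    data = raw[HEADER.size:HEADER.size + length]
    if len(data) != length:
        raise ValueError("truncated payload")
    if (sum(data) & 0xFFFFFFFF) != check:
        raise ValueError("bad checksum")
    return command, arg0, arg1, data


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed")
        buf += chunk
    return buf


def read_message(sock):
    """Read one complete message: header first, then exactly data_length payload bytes."""
    header = _recv_exact(sock, HEADER.size)
    length = HEADER.unpack(header)[3]
    return unpack_message(header + _recv_exact(sock, length))


def probe_adb(sock):
    """Send CNXN; return the device banner if it connects without auth, else None."""
    sock.sendall(pack_message(A_CNXN, A_VERSION, MAX_PAYLOAD, b"host::\x00"))
    command, _, _, data = read_message(sock)
    if command == A_CNXN:
        return data.rstrip(b"\x00").decode(errors="replace")
    return None  # A_AUTH: the daemon demands RSA key authentication first


def fake_device(require_auth: bool = False, banner: bytes = b"device::ro.product.name=sdk;\x00") -> int:
    """Constructed stand-in for adbd: answers the first CNXN, returns its listening port."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))
    server.listen(1)

    def serve():
        conn, _ = server.accept()
        with conn:
            cmd, _, _, _ = read_message(conn)
            if cmd == A_CNXN and require_auth:
                conn.sendall(pack_message(A_AUTH, 1, 0, b"\x00" * 20))  # AUTH TOKEN
            elif cmd == A_CNXN:
                conn.sendall(pack_message(A_CNXN, A_VERSION, MAX_PAYLOAD, banner))
        server.close()

    threading.Thread(target=serve, daemon=True).start()
    return server.getsockname()[1]


def scan_host(host: str, port: int = 5555, timeout: float = 3.0):
    """Connect to host:port (5555 is adbd's usual TCP port) and run the probe."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_adb(sock)


if __name__ == "__main__":
    print(scan_host("127.0.0.1", fake_device()))  # assumed target: the local fake device
```

A banner such as `device::…` means anyone who can reach the port can open a `shell:` stream and run commands as the shell user; `None` means the daemon asked for key authentication first.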
-
[ Android ] Samsung Android Security Updates January 2016: http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016
"Samsung Android security bulletin for January 2016: https://t.co/6MFosAQW5K"
-
[ Android ] Android application development - Securing source code - http://drops.wooyun.org/mobile/12172 (Chinese)
"Secure Android application development: source code security, from Wooyun Drops, by gh0stbo: https://t.co/L0tyR9CyIY"
-
[ Android ] Mobile Application Penetration Testing Cheat Sheet : https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet/
"Mobile application penetration testing cheat sheet, covering the tools used for iOS and Android penetration testing and reverse engineering: https://t.co/yDdNl35Afs"
-
[ Attack ] #Unit42 investigates a series of attacks they attributed to a group they code named Scarlet Mimic http://bit.ly/1PdGcDV
"Scarlet Mimic: for nearly 7 months Palo Alto has been tracking the Scarlet Mimic group, which began its attacks 4 years ago with the primary goal of collecting information on ethnic-minority activists; so far there is no evidence linking it to any government. Palo Alto blog: https://t.co/XZkOuvlpeK Separately, TrendMicro published a 2013 report on the FakeM RAT used in these attacks: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf"
-
[ Attack ] FireEye Labs has collected data on the 6 most prominent #malware families delivered during the holiday season http://bddy.me/1lK8daa
"FireEye's analysis of email-borne attacks during the 2015 holiday season: attackers did not take the holidays off. FireEye Labs collected data on the 6 most prominent malware families delivered by email in that period: https://t.co/YuYRfix6ww"
-
[ Crypto ] Analysing and Exploiting the Mantin Biases in RC4 : https://eprint.iacr.org/2016/063.pdf (pdf) cc : @kennyog
"Analysing and exploiting the Mantin biases in RC4 keystreams, paper: https://t.co/VwMuE35nAu"
-
[ Firmware ] UEFI boot script table exploit (https://github.com/Cr4sh/UEFI_boot_script_expl) with Linux DMA attack stuff should work fine on vulnerable Lenovo ThinkPad laptops
"UEFI Boot Script Table exploit script: https://t.co/Nu5C0fsipw The script is a module for the CHIPSEC platform vulnerability assessment framework, so CHIPSEC must be installed first."
-
[ Hardware ] #DeepSec Video: Bridging the Air-Gap - Data #Exfiltration from Air-Gap Networks: … http://wp.me/p6PE4U-CJ #GSMem #Wireless
"Exfiltrating data from air-gapped networks over cellular frequencies, a DeepSec talk; the authors also built a prototype tool, GSMem: https://t.co/4lQwCKV71y"
-
[ iOS ] Apple can access your encrypted iMessages http://securityaffairs.co/wordpress/43937/digital-id/apple-can-access-imessages-data.html
"Apple can access your encrypted iMessages: https://t.co/REJtRW4VfB"
-
[ Linux ] Integer overflow in nfssvc system call: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206626
"Integer overflow in the nfssvc system call on FreeBSD, from the FreeBSD Bugzilla: https://t.co/fb9t3Al16X"
-
[ MalwareAnalysis ] #NanoLocker ransomware analysis by @CyberClues: http://blog.malwareclipboard.com/2016/01/nanolocker-ransomware-analysis.html #malware
"NanoLocker ransomware analysis, from Malware Clipboard: https://t.co/UnFLQ1l3aN"
-
[ Others ] Analyzing Arithmetic Prolog Programs by Symbolic Execution https://www.react.uni-saarland.de/publications/AWeinert_MSC.pdf
"Automated analysis of Prolog programs by symbolic execution, paper: https://t.co/g6eTgukTW5"
-
[ Others ] Hiding in Plain Sight: Malware’s Use of TLS and Encryption http://blogs.cisco.com/security/malwares-use-of-tls-and-encryption
"Hiding in plain sight: malware's use of TLS and encryption. Encryption and TLS are an effective way for malware to evade detection. From the Cisco blog: https://t.co/sFfXni1Xa9"
-
[ Others ] Amazon's Customer Service Backdoor http://rss.slashdot.org/~r/Slashdot/slashdot/~3/8z8UlXwYCbk/amazons-customer-service-backdoor
"Amazon's customer service backdoor: https://t.co/IiQYcLN8J5"
-
[ Others ] Microsoft releases CNTK, its open source deep learning toolkit, on GitHub: http://blogs.microsoft.com/next/2016/01/25/microsoft-releases-cntk-its-open-source-deep-learning-toolkit-on-github/ Comments: https://news.ycombinator.com/item?id=10967196
"Microsoft has open-sourced its deep learning toolkit CNTK. Official blog: https://t.co/P7vLFAkqHX GitHub project: https://github.com/Microsoft/CNTK Comments: https://t.co/wpuypankS0"
-
[ Popular Software ] PHP-FPM fpm_log.c memory leak and buffer overflow http://seclists.org/bugtraq/2016/Jan/117
"PHP-FPM (FastCGI Process Manager) fpm_log.c memory leak and buffer overflow, from the Bugtraq mailing list post: https://t.co/9GAy3SAP6T"
-
[ Popular Software ] [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities http://goo.gl/fb/pRXjuh #FullDisclosure
"Lenovo's file-sharing app ShareIT has multiple vulnerabilities, including a hard-coded password, information disclosure, and sensitive data transmitted unencrypted. Found by Core Security; Full Disclosure advisory: https://t.co/cf3yshlu9q"
-
[ Popular Software ] PayPal Remote Code Execution Vulnerability* using Java Deserialization : http://artsploit.blogspot.in/2016/01/paypal-rce.html //*Fixed
"PayPal remote code execution via Java deserialization (now fixed): https://t.co/tueZXWk5sb"
-
[ Programming ] Embedded Programming with the GNU Toolchain : http://www.bravegnu.org/gnu-eprog/ #b2b
"Embedded programming handbook for the GNU toolchain: https://t.co/jd5tMOFTZn"
-
[ ReverseEngineering ] [Blog] Swift Reverse Engineering | Digging into Objects - http://rotlogix.com/2016/01/25/digging-into-swift-objects/ #mobile #iOS
"Swift reverse engineering: digging into objects, from the RotLogix blog: https://t.co/pXKP0DZ7i3"
-
[ Tools ] Good Cuckoo Sandbox installation guide for first timers http://mostlyaboutsecurity.com/security/cuckoo-sandbox-installation-guide/
"Cuckoo Sandbox installation guide for first-time users: https://t.co/XZwKj43HQO"
-
[ Tools ] RWMC – Retrieve Windows Credentials With PowerShell http://www.darknet.org.uk/2016/01/rwmc-retrieve-windows-credentials-powershell/
"RWMC, a PowerShell script for retrieving Windows credentials: https://t.co/G7zxF4IXiN"
-
[ Tools ] Pumpernickel is a simple kernel mode driver that enables you to sandbox (limit) write attempts of processes. https://excubits.com/content/en/products_beta.html
"Pumpernickel, a simple kernel-mode driver that restricts the write operations of processes, e.g. allowing notepad.exe to write only to whitelisted paths: https://t.co/YAtcW4cjJb"
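Whether enforced in a kernel driver like the one above or in user mode, a per-process write allow-list is only as good as the path comparison behind it. As an added example (not Pumpernickel's code, which is not shown on this page), the following Python contrasts the naive string-prefix check with one that canonicalises the target first, and runs both over a constructed directory tree containing the three classic escapes: `..` traversal, a sibling directory whose name shares the allowed prefix, and a symlinked parent pointing outside the allowed root. The directory names and the `demo()` fixture are assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path


def naive_allowed(path: str, roots: list) -> bool:
    """The classic mistake: a string-prefix test. '/data/allowed_evil/x' passes for root '/data/allowed',
    and '/data/allowed/../secret/x' passes too, because neither is canonicalised."""
    return any(path.startswith(root) for root in roots)


def write_allowed(path: str, roots: list) -> bool:
    """Allow-list check that survives '..', symlinked parents and prefix-sharing siblings.

    resolve() yields the canonical absolute destination (following symlinks in every
    existing component), and relative_to() is a component-wise containment test rather
    than a character-prefix test. Both sides are resolved so the comparison is like-for-like."""
    target = Path(path).resolve()
    for root in roots:
        try:
            target.relative_to(Path(root).resolve())  # ValueError unless target is root or below it
            return True
        except ValueError:
            continue
    return False


def demo() -> dict:
    """Build a throwaway tree (constructed fixture) and evaluate both checks on each escape.

    Returns {case: (naive_result, hardened_result)}."""
    base = Path(tempfile.mkdtemp())
    try:
        allowed = base / "allowed"       # the one directory the process may write into
        sibling = base / "allowed_evil"  # shares the allowed path as a string prefix
        outside = base / "secret"        # must never be writable
        for d in (allowed, sibling, outside):
            d.mkdir()
        roots = [str(allowed)]
        cases = {
            "inside": str(allowed / "notes.txt"),
            "traversal": str(allowed / ".." / "secret" / "notes.txt"),
            "prefix_sibling": str(sibling / "notes.txt"),
        }
        try:
            (allowed / "link").symlink_to(outside, target_is_directory=True)
            cases["symlink_escape"] = str(allowed / "link" / "notes.txt")
        except (OSError, NotImplementedError):
            pass  # symlink creation may be unavailable on this platform; skip that case
        return {name: (naive_allowed(p, roots), write_allowed(p, roots))
                for name, p in cases.items()}
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for case, (naive, hardened) in demo().items():
        print(f"{case:15s} naive={naive!s:5s} hardened={hardened}")
```

A kernel enforcement point sees the already-canonical object path at open time, which is exactly what resolving before comparing emulates here; a check that inspects the user-supplied string instead is bypassable by every case except "inside". Case-insensitive filesystems (Windows) additionally need both sides folded to the same case before comparison.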