Tencent Xuanwu Lab Security Daily News
-
[ Attack ] Our research team has released its annual @ Windows Exploitation in 2015 report: http://www.welivesecurity.com/2016/01/26/windows-exploitation-in-2015/?utm_source=twitter.com&utm_medium=social&utm_campaign=fanpage https://t.co/riDgcbQ3iW
"ESET publishes its summary report on Windows exploitation in 2015: https://t.co/riDgcbQ3iW https://t.co/casBMmRGDD"
-
[ Attack ] Government Agencies Audit for Juniper Backdoor: https://threatpost.com/government-agencies-audit-for-juniper-backdoor/116021/ via @threatpost
"US government agencies begin auditing their IT infrastructure for the Juniper backdoor: https://t.co/deurMwE9zM"
-
[ Attack ] Cyber Criminals Gain in Sophistication With Integrity Attacks https://blogs.mcafee.com/mcafee-labs/cyber-criminals-gain-sophistication/
"As integrity attacks increase, cyber criminals are growing more sophisticated, from the McAfee blog: https://t.co/gDjfIcAJLP"
-
[ Browser ] Rogue Google Chrome Extension Spies On You http://blog.malwarebytes.org/online-security/2016/01/rogue-google-chrome-extension-spies-on-you/
"A rogue Google Chrome extension is spying on you, from the Malwarebytes blog: https://t.co/wRD8hXu1kO"
-
[ Defend ] Chronomorphic Programs: Using Runtime Diversity to Prevent Code Reuse Attacks http://www.sift.net/sites/default/files/publications/icds_2015_4_40_10108%20(2).pdf
"Chronomorphic programs: using runtime diversity to defeat code-reuse attacks, paper: https://t.co/Uw0yJb2pv7"
-
[ Exploit ] Access X86 TEB/PEB w/ C & Assembly : http://securityblog.gr/3208/access-x86-tebpeb-with-c-and-assembly/
"Accessing the Windows 8.1 x86 TEB/PEB data structures with C and assembly: https://t.co/VcVt9TgsVW"
-
[ Hardware ] Siemens OZW672 and OZW772 XSS Vulnerability https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01
"XSS vulnerability in the web server of the Siemens OZW672 and OZW772 building-automation devices, ICS-CERT advisory: https://t.co/q2HATz2Hbp"
-
[ Hardware ] Rockwell Automation MicroLogix 1100 PLC Overflow Vulnerability https://ics-cert.us-cert.gov/advisories/ICSA-16-026-02
"Overflow vulnerability in Rockwell Automation's MicroLogix 1100 PLC, ICS-CERT advisory: https://t.co/91MK6TLaAN"
-
[ Hardware ] Reverse engineering Google Nest Devices http://experimental-platform.tumblr.com/post/137835649425/reverse-engineering-google-nest-devices
"Reverse engineering Google Nest smart-home devices: https://t.co/wP7D2PHTBt"
-
[ Hardware ] Hacking the Zsun WiFi SD Card Reader : https://wiki.hackerspace.pl/projects:zsun-wifi-card-reader
"Hacking the Zsun WiFi SD card reader, from Warsaw Hackerspace: https://t.co/mFYE0e4z2g"
-
[ IoTDevice ] Reversing the Dropcam (Part 3): Digging into compiled Lua functionality : http://blog.includesecurity.com/2014/08/Reverse-Engineering-Dropcam-Lua-Bytecode.html , Part 2 : http://blog.includesecurity.com/2014/04/reverse-engineering-dropcam-rooting-the-device.html
"Reversing the Dropcam camera, Part 3: digging into the compiled Lua code: https://t.co/HxcUFJ0qQq Part 2: https://t.co/CxSjVCc9e4 Part 1: http://blog.includesecurity.com/2014/03/Reverse-Engineering-Dropcam-Communications.html "
-
[ MalwareAnalysis ] Some analysis on the batch script based ransomware https://www.sentinelone.com/blog/xrtn-more-batch-script-based-ransomware/
"Batch-script-based ransomware, from the SentinelOne blog: https://t.co/7WMRqRFou1"
-
[ Network ] This is a pretty cool project: https://github.com/sailro/Bdtunnel BoutDuTunnel is able to create virtual connections tunnelled in HTTP requests.
"BoutDuTunnel - a tool that tunnels connections inside HTTP requests, GitHub repo: https://t.co/GCvDG2kDlH "
-
[ NetworkDevice ] Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) http://www.securityfocus.com/archive/1/537356
"Remote shutdown vulnerability in Buffalo NAS devices (Linkstation 420), from SecurityFocus: https://t.co/F5J6yHFug7"
-
[ Others ] NCC Group has published an eBook called Cyber Risk & Security Guidance for Non-Executive Directors https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/january/cyber-risk-and-security-guidance-for-non-executive-directors-nxds/
"Cyber-security risk guidance for non-executive directors, from NCC Group: https://t.co/05N7DDk4zR "
-
[ Pentest ] PowerShell PoC of Hot Potato privesc - https://github.com/Kevin-Robertson/Tater
"A PowerShell implementation (a single script file) of the Hot Potato local privilege-escalation tool: https://t.co/5XRBKWw2Fe"
-
[ Popular Software ] PoC Exploit (and Analysis) of yesterday's CVE-2016-0752 - Rails Remote Code Execution by @forced_request: https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/
"From Rails dynamic render to RCE (CVE-2016-0752), PoC exploit from the nVisium blog: https://t.co/s62EEbr8NB"
-
[ Popular Software ] Exciting Tuesday nginx security advisory! CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
"nginx security advisory: CVE-2016-0742, CVE-2016-0746, CVE-2016-0747: https://t.co/df0KqYa8Cf"
-
[ Tools ] Compiled IDASkins for OS X (attached to the post) http://www.surrendercontrol.com/2016/01/compiling-non-osx-ida-pro-plugins-on-os.html
"Pre-built IDASkins plugin for OS X, compiled by the author; the plugin adds better theme support to IDA: https://t.co/hWKkRDA7vz "
-
[ Tools ] Check out Trishula - a spampot with a built-in machine learning phishing classifier https://github.com/mertam/shiva (based on the Shiva honeypot)
"shiva - a honeypot for catching spam and phishing, with a built-in machine-learning classifier, GitHub repo: https://t.co/LqxAWtul46 "
-
[ Tools ] a static analyzer for PE executables (untested, feedback welcome) https://github.com/JusticeRage/Manalyze by @JusticeRage
"Manalyze - a static analyzer for PE executables; it identifies the compiler, detects packers, searches for suspicious strings and detects cryptographic constants: https://t.co/O3ZPk7e28E"
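As an added illustration of the kind of checks a PE static analyzer performs (packer hints, suspicious strings, cryptographic constants), the Python below is the editor's own example and is not Manalyze's code. It walks the DOS header, PE signature, COFF header and section table of a minimal PE image it constructs itself (not a loadable binary: the optional header is omitted), then scores each section. The API names, packer section names and crypto constants are small illustrative tables, not Manalyze's signature database.

```python
import math
import random
import struct
from collections import Counter

# Illustrative heuristic tables (editor's assumptions, not Manalyze's signatures).
SUSPICIOUS_APIS = {
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "SetWindowsHookExA", "URLDownloadToFileA", "IsDebuggerPresent",
}
PACKER_SECTION_NAMES = {"UPX0", "UPX1", ".aspack", ".themida", ".vmp0"}
CRYPTO_CONSTANTS = {
    "SHA-256 init H0": struct.pack("<I", 0x6A09E667),   # little-endian on x86
    "MD5/SHA-1 init A": struct.pack("<I", 0x67452301),
    "AES S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
}
HIGH_ENTROPY = 7.0   # bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(buf: bytes) -> float:
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def ascii_strings(buf: bytes, min_len: int = 5):
    """Printable-ASCII runs of at least min_len bytes, like a minimal `strings`."""
    out, cur = [], bytearray()
    for b in buf:
        if 0x20 <= b < 0x7F:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            out.append(cur.decode())
        cur = bytearray()
    if len(cur) >= min_len:
        out.append(cur.decode())
    return out


def parse_pe(pe: bytes) -> dict:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, coff)
    sect_off = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsect):
        name, _vsize, _va, raw_size, raw_ptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", pe, sect_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "characteristics": sc, "data": pe[raw_ptr:raw_ptr + raw_size]})
    return {"machine": machine, "characteristics": chars, "sections": sections}


def triage(pe: bytes) -> dict:
    info = parse_pe(pe)
    report = {"sections": [], "suspicious_apis": set(), "crypto_constants": set(), "packer_hints": set()}
    for s in info["sections"]:
        ent = shannon_entropy(s["data"])
        report["sections"].append((s["name"], round(ent, 2)))
        if ent > HIGH_ENTROPY:
            report["packer_hints"].add(f"high entropy in {s['name']}")
        if s["name"] in PACKER_SECTION_NAMES:
            report["packer_hints"].add(f"packer section name {s['name']}")
        report["suspicious_apis"].update(st for st in ascii_strings(s["data"]) if st in SUSPICIOUS_APIS)
        report["crypto_constants"].update(label for label, c in CRYPTO_CONSTANTS.items() if c in s["data"])
    return report


def build_sample_pe() -> bytes:
    """Constructed test input: a .text section with API names and crypto constants
    plus a UPX1 section of deterministic pseudo-random (high-entropy) bytes."""
    text = b"\0".join([b"kernel32.dll", b"VirtualAllocEx", b"WriteProcessMemory",
                       b"CreateRemoteThread", b"Hello"]) + b"\0"
    text += CRYPTO_CONSTANTS["AES S-box"] + CRYPTO_CONSTANTS["SHA-256 init H0"]
    text = text.ljust(0x200, b"\0")
    rng = random.Random(1)
    packed = bytes(rng.getrandbits(8) for _ in range(0x1000))
    sections = [(b".text", text, 0x60000020), (b"UPX1", packed, 0xE0000040)]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    raw_ptr = 0x200                                                        # file alignment
    table, body, ptr = b"", b"", raw_ptr
    for i, (name, data, chars) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000 * (i + 1),
                             len(data), ptr, 0, 0, 0, 0, chars)
        body += data
        ptr += len(data)
    return (dos + coff + table).ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    for k, v in triage(build_sample_pe()).items():
        print(k, v)
```

The entropy threshold and section-name list are only hints; a real analyzer combines them with import-table and overlay checks before calling something packed.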
-
[ Tools ] Triton - A DBA Framework (ver 0.3 released) : http://triton.quarkslab.com/changelog/
"Triton - a DBA (dynamic binary analysis) framework, version 0.3 released; release log for the new version: https://t.co/Siy3DFaiz7"
-
[ Web Security ] [Blog] Some words on CSRF and cookies http://blog.dornea.nu/2016/01/26/some-words-on-csrf-and-cookies/ #infosec #security #appsec #owasp
"Some words on CSRF and cookies, from the dornea.nu blog: https://t.co/rIfVtBz7py "
-
[ Windows ] New Blog Post - Windows Commands Abused by Attackers http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html
"Windows command-line tools are frequently abused by attackers for intrusion, information gathering and malware propagation. How does attackers' use of the command line differ from that of ordinary users, and how can such attacks be mitigated? From the JPCERT/CC blog: https://t.co/bnon7OoojT"
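One way to act on the question the post above raises is to look at process-creation telemetry for the attacker's usage pattern (a burst of distinct reconnaissance commands from one account, remote-execution commands, a shell spawned by an Office application) rather than at single commands that administrators also run. The Python below is an added example by the editor, not JPCERT/CC's code; it runs that logic over a constructed set of flattened process-creation (event 4688) records. The command lists, regexes, thresholds and sample lines are the editor's own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one 4688-style record per line, flattened to
# "timestamp|host|user|parent_process|command_line". Not real telemetry.
SAMPLE_EVENTS = """\
2016-01-27T09:00:01|WS01|alice|explorer.exe|"C:\\Windows\\System32\\notepad.exe" notes.txt
2016-01-27T09:12:40|WS01|alice|cmd.exe|ipconfig /all
2016-01-27T10:30:05|WS02|bob|WINWORD.EXE|cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA
2016-01-27T13:05:00|WS03|svc_backup|cmd.exe|whoami
2016-01-27T13:05:03|WS03|svc_backup|cmd.exe|ipconfig /all
2016-01-27T13:05:10|WS03|svc_backup|cmd.exe|C:\\Windows\\System32\\net.exe view /domain
2016-01-27T13:05:20|WS03|svc_backup|cmd.exe|net user /domain
2016-01-27T13:05:35|WS03|svc_backup|cmd.exe|tasklist /v
2016-01-27T13:06:00|WS03|svc_backup|cmd.exe|net use \\\\FS01\\c$ /user:CORP\\svc_backup Passw0rd
2016-01-27T13:06:30|WS03|svc_backup|cmd.exe|wmic /node:FS01 process call create "cmd /c copy \\\\WS03\\share\\upd.exe C:\\upd.exe"
2016-01-27T13:07:00|WS03|svc_backup|cmd.exe|reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v upd /d C:\\upd.exe
"""

# Illustrative lists (editor's assumptions, not the post's tables).
RECON_COMMANDS = ("whoami", "ipconfig", "systeminfo", "tasklist", "netstat", "qprocess",
                  "query user", "net view", "net user", "net localgroup", "net group",
                  "net share", "net use")
SPREAD_PATTERNS = [
    (r"\bwmic\b.*/node:", "remote WMI execution"),
    (r"\bat\b\s+\\\\", "remote scheduled task"),
    (r"\bsc\b\s+\\\\", "remote service control"),
    (r"\bnet use\b\s+\\\\", "remote share mapping"),
    (r"\bnetsh\b.*advfirewall", "firewall modification"),
    (r"\breg add\b.*\\run\b", "Run-key persistence"),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd", "powershell", "wscript", "cscript", "mshta"}


def normalize(cmd: str) -> str:
    """Lower-case, drop the executable's path and .exe suffix, collapse whitespace."""
    parts = cmd.strip().split()
    if not parts:
        return ""
    exe = parts[0].strip('"').rsplit("\\", 1)[-1].lower()
    if exe.endswith(".exe"):
        exe = exe[:-4]
    return " ".join([exe] + [p.lower() for p in parts[1:]])


def parse_events(text: str):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, parent, cmd = line.split("|", 4)   # pipes inside cmd survive
        events.append({"time": datetime.fromisoformat(ts), "host": host, "user": user,
                       "parent": parent, "cmd": cmd, "norm": normalize(cmd)})
    return events


def recon_key(norm: str):
    for key in RECON_COMMANDS:
        if norm == key or norm.startswith(key + " "):
            return key
    return None


def analyze(events, window=timedelta(minutes=2), burst_threshold=4):
    """Return (user, alert_label, detail) tuples."""
    alerts = []
    recon_history = defaultdict(list)           # user -> [(time, recon key)]
    for ev in sorted(events, key=lambda e: e["time"]):
        exe = ev["norm"].split(" ", 1)[0]
        if ev["parent"].lower() in OFFICE_PARENTS and exe in SHELLS:
            alerts.append((ev["user"], "shell spawned by Office application", ev["cmd"]))
        for pattern, label in SPREAD_PATTERNS:
            if re.search(pattern, ev["norm"]):
                alerts.append((ev["user"], label, ev["cmd"]))
        key = recon_key(ev["norm"])
        if key:
            hist = recon_history[ev["user"]]
            hist.append((ev["time"], key))
            recent = {k for t, k in hist if ev["time"] - t <= window}
            if len(recent) == burst_threshold:   # fire when the threshold is first reached
                alerts.append((ev["user"], f"{burst_threshold}+ distinct recon commands within {window}",
                               ", ".join(sorted(recent))))
    return alerts


if __name__ == "__main__":
    for user, label, detail in analyze(parse_events(SAMPLE_EVENTS)):
        print(f"{user:12} {label:45} {detail}")
```

A single `ipconfig /all` from alice produces nothing; the same command inside svc_backup's five-command sweep contributes to a burst alert, which is the distinction between an administrator's habit and an intruder's checklist. The rules assume command lines are actually recorded with the 4688 event, which is off by default and must be enabled by audit policy.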
-
[ Windows ] Privilege escalation (System) via Dolby's DAX2_Api_Service on Windows 10: http://x42.obscurechannel.com/?p=263 https://t.co/FF5CtfmTQr
"Privilege escalation to SYSTEM on Windows 10 through Dolby's DAX2 API service; the Dolby application uses the DAX API service to control the Dolby audio components. From the Obscure Channel blog: https://t.co/FF5CtfmTQr https://t.co/Dc5bVJc5xr"