腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/01/28

Bâkır EMRE @bemre

[ Android ] .@ OguzhanTopgul Android.#BankingPhisher malware detailed analysis [in Turkish] - http://bit.ly/1JEEH14 #Android #Malware #Bankingtrojan

"一款 Android 银行钓鱼恶意样本的分析（土耳其语）： https://t.co/valWgO7HOg"
Nikolaos Chrysaidos @virqdroid

[ Android ] Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis - https://github.com/sh4hin/Androl4b

"Androl4b - 用于评估 Android 应用、逆向和分析恶意软件的虚拟机： https://t.co/J2ECKIxTor"
Android Tamer @AndroidTamer

[ Android ] Just-in : Android sensord 0day root exploit : https://www.exploit-db.com/exploits/39340/

"Android sensord 0Day Root Exploit PoC，来自 ExploitDB: https://t.co/Ec3MrdktsJ"
Nicolas Krassas @Dinosn

[ Attack ] Israel’s Electric Authority slammed with ‘severe’ cyberattack http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/HnxSgKs8H1o/story01.htm

"以色列电力遭到黑客攻击： https://t.co/NKKqvAYfPS"
James Forshaw @tiraniddo

[ Browser ] With the promotion of Chrome 48 to stable you can now turn on PDF Win32k lockdown and AppContainer on Win8+ :-) https://t.co/Abem5fYY5X

"Chrome 48 开始支持在 Windows 8+ 开启 PDF Win32k lockdown 和 AppContainer 了： https://t.co/Abem5fYY5X"
Threatpost @threatpost

[ Browser ] Mozilla patched a handful of critical vulns with Firefox 44 - http://ow.ly/XB6Ru

"Mozilla Firefox 44 版本修复了多个严重漏洞，来自 ThreatPost 的报道： https://t.co/Qq7jLkkf1X"
Iván @aszy

[ Detect ] Zero-Day Attack Detection Using Collaborative and Transduction-Based Anomaly Detectors http://digilib.gmu.edu/dspace/bitstream/handle/1920/9882/Hiremagalore_gmu_0883E_10953.pdf?sequence=1&isAllowed=y

"基于协作和 TCM 异常探测器实现的 0Day 攻击检测技术，来自乔治梅森大学的 Paper： https://t.co/WCdNvUdC6s"
Binni Shah @binitamshah

[ Exploit ] Writing ia32 alphanumeric shellcodes : http://phrack.org/issues/57/15.html#article #Phrack #b2b

"写一个纯字母数字组成的 ia32 Shellcode，来自 Phrack Issue 57 (2001 年 11 月) 的文章： https://t.co/62Ft8NHLQg"
Binni Shah @binitamshah

[ Exploit ] “ROP on ARM” : Return-Oriented Programming : https://docs.google.com/viewer?url=dl.dropbox.com%2Fu%2F2595211%2FROP_ARMEXP.pdf (pdf)

"ROP on ARM - ARM Exploit 实战： https://t.co/QjQ1ehCRj2"
TROOPERS Conference @WEareTROOPERS

[ Hardware ] arduino-canbus-monitor https://github.com/latonita/arduino-canbus-monitor https://t.co/tmhw77Sni2

"基于 Arduino 的 CAN BUS 监控工具， Github Repo： https://t.co/ct0PWXjkKN 还有一个 CAN BUS 相关的论坛： http://www.canhack.org/board/ "
FireEye @FireEye

[ iOS ] Hot or Not? The Benefits and Risks of #iOS Remote Hot Patching http://bddy.me/1lS0Q0m #JSPatch #mobile

"Hot or Not? iOS 远程 Hot Patching 的利与弊： https://t.co/y07T556YsR "
Nicolas Krassas @Dinosn

[ iOS ] iOS / OS X Kernel Uninitialized Variable Code Execution https://packetstormsecurity.com/files/135444/GS20160127181317.tgz

"iOS/OS X 内核 device.defs 未正确处理错误条件，触发未初始化变量代码执行漏洞（CVE-2016-1721），来自 PacketStorm： https://t.co/fJlrdBuonu"
Binni Shah @binitamshah

[ Linux ] Linux Kernel - prima WLAN Driver Heap Overflow : https://www.exploit-db.com/exploits/39308/

"Linux 内核 WLAN 驱动堆溢出漏洞 PoC（CVE-2015-0569），这个漏洞也影响 Android : https://t.co/tC7UFuLxJQ 另外这次修复的还有其他几个 WLAN 驱动漏洞： https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 "
Binni Shah @binitamshah

[ Malware ] Malware Operator Barters With Security Researcher To Remove Open Source Ransomware Code : http://news.softpedia.com/news/ransomware-author-blackmails-security-researcher-who-refuses-to-give-in-499437.shtml

"恶意软件作者发信安全研究员，希望它删除 Github 上的开源勒索项目的代码: https://t.co/PawRnwgphl"
PHR34K @unpacker

[ MalwareAnalysis ] Metamorphic Code In Ransomware http://blog.fortinet.com/post/metamorphic-code-in-ransomware

"勒索软件 Virlock 中的变形代码分析，来自 Fortinet Blog： https://t.co/laIkVux2BO"
Binni Shah @binitamshah

[ Pentest ] Python Tools : Penetration Testers Arsenal : https://offensiveci.joomla.com/62-python-tools-penetration-testers-arsenal

"62 个渗透测试 Python 工具: https://t.co/DXxECxozlR"
Nicolas Krassas @Dinosn

[ Pentest ] [webapps] - Glassfish Server - Arbitrary File Read Vulnerability https://www.exploit-db.com/exploits/39241

"Glassfish 服务器任意文件读取漏洞 PoC，来自 ExploitDB： https://t.co/APdM2QJv9x"
Full Disclosure @SecLists

[ Popular Software ] Eclipse BIRT Report Viewer <= 4.5.0 XSS http://goo.gl/fb/yT0RTa #FullDisclosure

"Eclipse BIRT 报表查看器 4.5.0 之前版本 XSS 漏洞，来自 FullDisclosure： https://t.co/OUsCvlY4mO "
dragosr @dragosr

[ Sandbox ] CanSecWest 2016 (Mar. 16-18) Presentation: Sandbox Escape with Generous Help from Security Software - Chuanda Ding, Tencent Xuanwu Lab

"腾讯玄武实验室的 Chuanda Ding 将在 2016 年 3 月份的 CanSecWest 会议上演讲《在安全软件的慷慨帮助下逃逸沙箱》"
Nicolas Krassas @Dinosn

[ ThirdParty ] Bypassing MiniUPnP Stack Smashing Protection http://blog.talosintel.com/2016/01/bypassing-miniupnp-stack-smashing.html

"Bypass MiniUPnP 库的 Stack Smashing 保护， MiniUPnp 用于使位于不同 NAT 防火墙内的两台设备互联互通，来自 Talos Blog： https://t.co/z4cK4XCCRj"
zerothoughts @zerothinking

[ ThirdParty ] Unpatched java bytecode injection in Spring Framework through untrusted deserialization, http://zerothoughts.tumblr.com/post/137831000514/spring-framework-deserialization-rce #java #server #0day

"Spring 框架 Java 反序列化 RCE，来自 Zero thoughts Blog： https://t.co/04Fx4Z0xKn"
Binni Shah @binitamshah

[ ThirdParty ] Finding a CSRF vulnerability in phpBB : https://www.landaire.net/blog/finding-a-csrf-vulnerability-in-phpbb/

"在 phpBB 框架中找一个 CSRF 漏洞: https://t.co/0M7UotWxJd"
Nicolas Crocfer @ncrocfer

[ Tools ] Whatportis, a command to search port names and numbers https://github.com/ncrocfer/whatportis #python #sysadmin #devops https://t.co/DHgqwupDCn

"Whatportis - 端口和服务映射搜索工具，可以根据端口搜服务，也可以根据服务搜端口： https://t.co/DHgqwupDCn https://t.co/WUxc1iha5v"
Daniel Bilar @daniel_bilar

[ Tools ] QIRA debugger [debug in the past, execution as timeless trace; Linux, IDA integration] http://qira.me/ https://t.co/UOSFhytAUL

"QIRA 调试器 - 该调试器会在程序运行时记录下所有的状态，因此无需反复运行被调试程序。这个调试器还是开源的，作者为 GeoHot： https://t.co/UOSFhytAUL https://t.co/MFGZDC124y"
Robert Rodriguez @RobInfoSecInst

[ Web Security ] SQL Injection Analysis http://goo.gl/uhsbgD #MalwareAnalysis #SQLInjecton

"来自 InfoSec Blog 的 SQL 注入攻击技术分析： https://t.co/DYjIOce5mg"
Binni Shah @binitamshah

[ Web Security ] XSS without HTML: Client-Side Template Injection with AngularJS : http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html

"无 HTML 的 XSS - AngularJS 客户端模板注入，来自 PortSwigger Blog: https://t.co/XTAwlHu1rx"
Alex Ionescu @aionescu

[ Windows ] My Recon 2015 talk on stealthy hooks is *FINALLY* up. Video: https://recon.cx/2015/recordings/recon2015-12-alex-ionescu-Hooking-Nirvana.mp4 PDF: http://www.alex-ionescu.com/Estoteric%20Hooks.pdf C: https://github.com/ionescu007/HookingNirvana

"Hooking Nirvana - 隐秘的插桩技术，来自 Alex Ionescu 在 Recon 2015 会议的演讲，视频: https://t.co/IPzOXPi9NA Github Repo： https://t.co/UrNBUiK7UX Slides： https://t.co/s7GEXqXQxb "
Florian Roth @Cyb3rOps

[ Windows ] Active Directory Recon Without Admin Rights #Powershell by @ PyroTek3 https://adsecurity.org/?p=2535 https://t.co/mzqiEPfZ2d

"无需管理员权限探测 Active Directory 信息，来自 ADSecurity Blog： https://t.co/2Q2Yc0WuNX https://t.co/mzqiEPfZ2d"
David Wilson @daviwil

[ Windows ] Introducing the Windows PowerShell ISE Preview: http://blogs.msdn.com/b/powershell/archive/2016/01/20/introducing-the-windows-powershell-ise-preview.aspx https://t.co/3osPQFYRQs

"Windows PowerShell ISE Preview，微软新推出了一个扩展，可以通过这个扩展直接在 Visual Studio Code 中调试 PowerShell: https://t.co/3osPQFYRQs https://t.co/AZpA7UWT2o"
fpi @dfirfpi

[ Windows ] Windows ReVaulting, decrypting Windows Credentials and Vaults, http://goo.gl/bvZTtu #dfir #python #windows #dpapi #credentials #vault

"Windows Vaults 和 Credentials 用于存储敏感信息，如用户名和密码，在登陆 Web 网站、服务、计算机时使用，这篇文章介绍这些信息是如何被存储和保护地，以及如何离线地解密这些数据。这篇 Blog 的内容来自作者在 2015 DFIR 布拉格峰会的演讲： https://t.co/CNkLOIgD6d"

2016/01/28