腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/02/02

Ryan @Fuzion24

[ Android ] POC for remote code execution of TalkingTom by abusing zip files and the multidex lib is now opensource: https://github.com/nowsecure/android-rce-multidex-and-zip-files

"在存在任意文件写漏洞的 MultiDex 应用中实现 RCE， PoC 代码 : https://t.co/1aQRSYt39Q 之前推送过相关的漏洞分析文章： https://www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-arbitrary-file-writes-and-multidex-applications/ 这次是作者将 PoC 开源了"
Ryan @Fuzion24

[ Android ] Android Security Bulletin February 2016: https://source.android.com/security/bulletin/2016-02-01.html

"Android 2016 年 2 月份的漏洞公告，其中包括 5 个严重漏洞， 4 个高危漏洞: https://t.co/3U3P2Ahpcd"
Nicolas Krassas @Dinosn

[ Attack ] Top 20 Airline Travel Site http://Yatra.com Victim to Malvertizing - Redirects to Angler EK & Bedep Malware http://blogs.forcepoint.com/security-labs/top-20-airline-travel-site-yatracom-victim-malvertizing-attack-redirects-users-angler

"Top 20 中的航空旅行网站 Yatra.com 受恶意广告影响。会将用户重定向至 Angler EK 和 Bedep 站点： https://t.co/1YATP1ztqi "
Binni Shah @binitamshah

[ Browser ] Native Client : A Sandbox for Portable, Untrusted x86 Native Code : https://www.utdallas.edu/~zxl111930/spring2012/lec18.pdf (pdf) #b2b

"2012 年 4 月， Google 的 Tavis Ormandy 等人对 Native Client（NaCl）沙箱的架构和实现的介绍，《为不可信的 x86 Native Code 设计的可移植的沙箱》， Slides: https://t.co/5aqiKF14uW "
TROOPERS Conference @WEareTROOPERS

[ Conference ] Videos and slides of #PrivacyCon: https://www.ftc.gov/news-events/events-calendar/2016/01/privacycon

"PrivacyCon 会议视频和演讲 Slides: https://t.co/So55wnZGDi"
TrendLabs @TrendLabs

[ Crypto ] New post: SLOTH Downgrades TLS 1.2 Encrypted Channels http://bit.ly/1PQm2lE @ TrendMicro

"SLOTH - TLS 1.2 降级攻击，不同于 POODLE、 FREAK 和 Logjam 的一个新攻击： https://t.co/COeum1Ij6X "
Grant Willcox @tekwizz123

[ Exploit ] Excellent guide on writing x64 shellcode. Recommend reading if your jumping from x86 to x64 shellcoding: https://www.tophertimzen.com/blog/windowsx64Shellcode/

"Windows x64 Shellcode 编写指南: https://t.co/xia2zsyDau"
Binni Shah @binitamshah

[ Hardware ] Don’t Trust Satellite Phones : A Security Analysis of Two Satphone Standards : http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6234409 (pdf)

"别信任卫星电话: 两个卫星电话标准的安全性分析，来自 IEEE 2012 年的一篇 Paper: https://t.co/Xd20or7hug "
TrendLabs @TrendLabs

[ Industry News ] New post: Windows-as-a-Service – Good For Security, But IT Challenges Loom http://bit.ly/2033rlH @ TrendMicro

"Windows-as-a-Service — 对于安全来说是个好事儿，但对于 IT 维护可能就是个挑战了。来自 TrendMicro Blog： https://t.co/iucGhGJcBZ "
grsecurity @grsecurity

[ Linux ] Neat effect for an integer truncation bug: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3625c2c234ef66acf21a72d47a5ffa94f6c5ebf2

"Linux 内核一个整数截断 Bug 的 Patch: https://t.co/KYyK8bobKo"
☩MalwareMustDie @MalwareMustDie

[ MalwareAnalysis ] #Botnet Analysis - Tracking the footprints of PushDo Trojan by our friend @ raashidbhatt on @ blueliv https://www.blueliv.com/research/tracking-the-footproints-of-pushdo-trojan/ #MalwareMustDie

"追踪 PushDo 下载器木马，来自 BlueLiv Blog： https://t.co/j3ESaysgtj "
Francesc @francesc

[ Others ] The slides for my #FOSDEM talk "The State of Go" are already up: http://talks.golang.org/2016/state-of-go.slide Enjoy! #golang

"Go 编程语言现状，来自 FOSDEM 会议: https://t.co/HFZOkORZ8P "
Anders Fogh @anders_fogh

[ Others ] new blog post(techinical): "Row hammer, java script and MESI" http://dreamsofastone.blogspot.de/2016/02/row-hammer-java-script-and-mesi.html

"Row Hammer、 JavaScript 和 MESI 缓存一致性协议，来自 Anders Fogh Blog： https://t.co/nWnKYm17o6"
Binni Shah @binitamshah

[ Others ] TLB and Pagewalk Coherence in x86 Processors : http://blog.stuffedcow.net/2015/08/pagewalk-coherence/

"x86 处理器的 TLB 和 Pagewalk 一致性，来自 stuffedcow Blog: https://t.co/sIjGmKQcXP"
Nicolas Krassas @Dinosn

[ Pentest ] Introducing gophish - An Open-Source Phishing Framework https://getgophish.com/

"gophish - 一个开源的网络钓鱼框架： https://t.co/Y7Tpol24GE"
Binni Shah @binitamshah

[ Pentest ] pykeylogger : A pure python keylogger for linux : https://github.com/amoffat/pykeylogger

"pykeylogger - 纯 Python 写的键盘记录器，就一个 Python 文件, Github Repo: https://t.co/1wXrH9G2HB"
Binni Shah @binitamshah

[ Popular Software ] McAfee privileged SiteList.xml leads to Active Directory domain privilege escalation : https://github.com/tfairane/HackStory/blob/master/McAfeePrivesc.md cc: @ tfairane

"通过 McAfee SiteList.xml 实现 Active Directory 域提权: https://t.co/ZeHNB0w74Q "
Nicolas Krassas @Dinosn

[ ReverseEngineering ] Reverse Engineering Online Games - Dragomon Hunter http://0xbaadf00dsec.blogspot.in/2016/01/reverse-engineering-online-games.html?m=1

"逆向在线游戏猎龙人（Dragomon Hunter）： https://t.co/RmiiFAJGDQ"
Dmitriy Evdokimov @evdokimovds

[ Tools ] Bindead - a static analysis tool for binaries. ELF/PE, x86/x64, IL RREIL, DBI PIN https://bitbucket.org/mihaila/bindead/wiki/Home http://t.co/lRvXuVfuX9

"Bindead - 二进制文件静态分析工具，先将机器码反编译成中间语言（RREIL），再对 RREIL 做抽象分析，用于逆向分析和漏洞挖掘，作者表示已经用该工具发现了一些内存越界访问的问题： https://t.co/kgHDMZMnQZ "
Binni Shah @binitamshah

[ Web Security ] CSP-Bypass : A Burp Plugin for Detecting Weaknesses in Content Security Policies : https://github.com/moloch--/CSP-Bypass

"CSP-Bypass: 用于检查 CSP 头缺陷的 Burp 插件， Github Repo: https://t.co/oBOCdC5h2S"
Binni Shah @binitamshah

[ Windows ] Vulnerable-Driver : A sample vulnerable driver that emulates kernel mode vulnerabilities : https://github.com/scalys7/Vulnerable-Driver

"Vulnerable-Driver - 一个故意存在漏洞的驱动，有点类似 HackSys 的 'Extreme Vulnerable Windows Driver': https://t.co/N81vMIXG1f"

2016/02/02