腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/02/16

Duo Security @duosec

[ Android ] Android malware roots devices, installs Tor/a proxy app to steal data; spotted in attacks - http://duo.sc/AndroidBot https://t.co/7WcPF1RiDr

"Android 恶意软件 Mazar Root 用户设备，安装 Tor 代理程序，窃取用户数据，来自 DUO Security Blog： https://t.co/HxCuhSemM8 "
John Kozyrakis @ikoz

[ Android ] My write-up on the new Network Security Policy configuration options that Android apps will soon be able to use: https://koz.io/network-security-policy-configuration-for-android-apps/

"Android 应用很快将可以使用新的网络安全配置策略，来自 Koz Blog: https://t.co/XBORsG2R07"
Security Response @threatintel

[ Attack ] The Latest Intelligence for January 2016 sees a rise in fake offer #SocialMedia #scams http://symc.ly/20XyDVK https://t.co/W1PsM10Mbn

"Symantec 2016 年 1 月份的威胁情报报告： https://t.co/B70PcEzxo5 "
Binni Shah @binitamshah

[ Detect ] Hunting through RDP Data : https://speakerdeck.com/jshlbrd/hunting-through-rdp-data cc: @ jshlbrd (Slides)

"基于 RDP 数据的网络威胁检测，来自 BroCon 2015 会议上的演讲: https://t.co/eK5XC8fhNg "
Binni Shah @binitamshah

[ Exploit ] Introduction to Windows Shellcode Development (Part 3): http://securitycafe.ro/2016/02/15/introduction-to-windows-shellcode-development-part-3/ ,Part 2: http://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/ ,1: http://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/

"来自 Security Cafe 的 Windows Shellcode 开发指南 Part 3: https://t.co/GCKY9IOr9i Part 2: https://t.co/UyddCeKUsy Part 1: https://t.co/tmQY7CsQ8e"
Felipe Manzano @feliam

[ Fuzzing ] Some new hot tricks (research area) on Symbolic Execution - Counting Path Constraint solucions - Tha paper here: http://www.iste.uni-stuttgart.de/fileadmin/user_upload/iste/zss/publications/supplementaryMaterial/2014-FSE-IncludingErrata.pdf

"基于依据采样的符号执行， Paper: https://t.co/ZaSyN4YUtE"
Balint Seeber @spenchdotnet

[ Hardware ] Video of "Hacking the Wireless World: #sdr Exploits" from #shmoocon 2016 is online: https://archive.org/details/Hacking_The_Wireless_World Slides: http://spench.net/drupal/files/Balint_Seeber-ShmooCon_2016.pdf

"无线电世界的 Hacking - SDR Exploits，来自 ShmooCon 2016 会议，视频: https://t.co/MN6Niut6DP Slides: https://t.co/nKez0YnLS3"
qwertyoruiop @qwertyoruiop

[ iOS ] iOS (up to) 9.3b3 IOHIDFamily Use-After-Free (incorrect patch for CVE-2015-6974) https://ghostbin.com/paste/s3tz7

"iOS 9.3b3 IOHIDFamily UAF 漏洞 (CVE-2015-6974 的补丁没补好)，来自 GhostBin： https://t.co/kozQEUhbpu"
Golden G. Richard @nolaforensix

[ Malware ] Malware samples zoo (source and binaries): https://github.com/ytisf/theZoo.git #reverseengineering #dfir

"theZoo - 恶意软件样本库(源码和二进制)， Github Repo: https://t.co/K9ZVgRIEFe "
PHR34K @unpacker

[ Malware ] Decrypter for HydraCrypt and UmbreCrypt available http://blog.emsisoft.com/2016/02/12/decrypter-for-hydracrypt-and-umbrecrypt-available/

"HydraCrypt 和 UmbreCrypt 恶意软件的解密工具下载： https://t.co/vc4zTK4RMR "
PHR34K @unpacker

[ Malware ] PadCrypt: The first ransomware with Live Support Chat and an Uninstaller http://www.bleepingcomputer.com/news/security/padcrypt-the-first-ransomware-with-live-support-chat-and-an-uninstaller/

"PadCrypt: 第一个提供在线聊天和卸载器的勒索软件： https://t.co/DQNcCurefW "
Binni Shah @binitamshah

[ Others ] How To Write An LLVM Register Allocator : https://github.com/nael8r/How-To-Write-An-LLVM-Register-Allocator/blob/master/HowToWriteAnLLVMRegisterAllocator.rst

"如何写一个 LLVM 寄存器分配器，来自 Github Page: https://t.co/4NCRXOGUIC"
the grugq @thegrugq

[ Others ] The dark side of Big Data. https://www.martinruenz.de/article/data-privacy/2016/02/14/the-dark-side-of-big-data.html

"大数据的黑暗面，来自 Martin Rünz Blog： https://t.co/45KVXPZr7l"
r2d3.us @r2d3us

[ Others ] Machine learning explained in interactive visualizations (part 1) http://www.r2d3.us/visual-intro-to-machine-learning-part-1/ #d3js #machinelearning

"交互式可视化介绍机器学习 Part 1，来自 R2D3: http://t.co/g75lLydMH9 "
Threatpost @threatpost

[ Popular Software ] .@ VMware reissues incomplete vCenter Server patch for a RCE flaw - http://ow.ly/YlJox

"VMware 补发了一个补丁，修复 vCenter Server 的 RCE 漏洞，来自 ThreatPost 的报道： https://t.co/VNRsrxEh9a"
Nicolas Krassas @Dinosn

[ Popular Software ] Serialization Must Die, Part 1: Attacking Kryo https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-1-kryo

"Serialization Must Die， Part 1: 攻击 Java 序列化框架 Kryo，来自 Contrast Security Blog： https://t.co/egxpmUNtoE"
E.Law @libNex

[ Popular Software ] Finally finished my writeup on PHP Mem-read via gdImageRotate. POC attached: http://www.libnex.org/blog/exploitingcve-2016-1903memoryreadviagdimagerotateinterpolated

"Exploit PHP CVE-2016-1903 - 通过 gdImageRotate 实现内存读取，来自 libNex Blog: https://t.co/XCEk7EvVpi"
Nicolas Krassas @Dinosn

[ ReverseEngineering ] Reverse engineering ARM1 instruction sequencing, compared with the Z-80 and 6502 http://www.righto.com/2016/02/reverse-engineering-arm1-instruction.html

"逆向 ARM1 指令序列，与 Z-80 和 6502 比较： https://t.co/25PAcctPGU"
Takashi Toyota @t_toyota

[ Rootkit ] Rootkit basics ---> DKOM http://bsodtutorials.blogspot.ca/2014/01/rootkits-direct-kernel-object.html A bit out of date though...

"Rootkit 基础知识：直接操作内核对象和进程，来自 BSOD Blog 2014 年的一篇文章： https://t.co/IbC6JWmT7r "
Quequero @quequero

[ SecurityProduct ] FireEye Detection Evasion and Whitelisting of Arbitrary Malware: https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-001/

"FireEye 检测引擎逃逸、任意恶意软件白名单漏洞，该漏洞由 Blue Frost 的 Moritz Jodeit 发现: https://t.co/1yiEEuWu8P"
LLVM Weekly @llvmweekly

[ ThirdParty ] A detailed write-up of WebKit's new B3 JIT, which replaces LLVM as the low-level optimiser for the FTL JIT https://webkit.org/blog/5852/introducing-the-b3-jit-compiler/

"WebKit 新 JIT 编译器 B3 介绍，来自 Webkit Blog： https://t.co/qlTtNWU0zQ"
MaL DeveL @maldevel

[ Tools ] Patching ROP-encoded shellcodes into PEs https://github.com/gpoulios/ROPInjector

"ROPInjector - 将 ROP 格式编码的 Shellcode 注入到指定的 PE 文件中， Github Repo： https://t.co/5NybFGvZe7 "
Nicolas Krassas @Dinosn

[ Tools ] Dynamic analysis of a Windows shellcode using Miasm http://www.miasm.re/blog/2016/02/12/dynamic_shellcode_analysis.html

"用 Miasm 工具动态分析 Windows Shellcode，来自 Miasm Blog： https://t.co/xvcgqZ4MsJ "
bettercap @bettercap

[ Tools ] SSL Stripping and HSTS Bypass with BetterCap https://www.bettercap.org/blog/sslstripping-and-hsts-bypass/#.VsHQflQ9TwA.twitter https://t.co/aCSrbzBfLy

"BetterCap 1.3.8 版本开始支持 SSL Stripping 和 HSTS Bypass 功能： https://t.co/cw7mDpRmS5 "
Full Disclosure @SecLists

[ Tools ] Search for security advisories, CVEs, exploits, #nessus scripts, hack forums, bug bounty programs, and more with http://vulners.com

" Vulners 搜索引擎，可以搜索漏洞公告、Exploit、Nessus 扫描器脚本等： https://t.co/V2e3DYx3NA "
Binni Shah @binitamshah

[ Tools ] Introducing LECmd - a lnk processing tool that supports all available structures, json and csv support : http://binaryforay.blogspot.in/2016/02/introducing-lecmd.html

"LECmd - lnk （快捷方式文件）处理工具，它支持所有的现有结构，支持 json 和 csv: https://t.co/8A2SAoBces"
KT @koczkatamas

[ Windows ] Just uploaded an EoP (SYSTEM) exploit for my CVE-2016-0051 (MS16-016): https://github.com/koczkatamas/CVE-2016-0051 https://t.co/DVJLCrUVDe

"Windows CVE-2016-0051(MS16-016) 蓝屏和 SYSTEM 提权 PoC， Github Repo : https://t.co/xv2asLBMwq "

2016/02/16