
Tencent Xuanwu Lab Security Daily News
-
[ Android ] New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/
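"The Android Trojan 'Xbot' steals credit card and bank account information through phishing, encrypts files on the user's SD card, and holds the user to ransom: https://t.co/gY3KARmXI9 "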
-
[ Browser ] PoC of CVE-2016-0069 / MS16-009 Cross origin URL information leakage of Internet Explorer http://d.hatena.ne.jp/hasegawayosuke/20160220/p1
"IE CVE-2016-0069/MS16-009 cross-origin URL information leakage PoC: https://t.co/WjTVPepDOB"
-
[ Browser ] FortiGuard discloses another couple Microsoft vulnerabilities. Get all the bits and bytes here http://ftnt.net/1otap7I
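"Analysis of the IE information disclosure vulnerability (CVE-2016-0059/MS16-006). Exploiting this vulnerability requires the user to click a link in an email or an Office document. From the FortiGuard blog: http://blog.fortinet.com/post/analysis-of-cve-2016-0059-microsoft-ie-information-disclosure-vulnerability-discovered-by-fortinet "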
-
[ Defend ] Tracing privileged memory accesses to discover software vulnerabilities - https://os.itec.kit.edu/downloads/ma_2015_wilhelm_felix__discover_software_vulnerabilities.pdf
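"Discovering software vulnerabilities by tracing privileged memory accesses. When one side of a shared memory region holds higher privileges than the other, the shared memory is a trust boundary. A paper from the Karlsruhe Institute of Technology: https://t.co/P5QGGyrlRI"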
-
[ Hardware ] Semi-invasive attacks - A new approach to hardware security analysis - https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf
"Semi-invasive attacks: a new approach to hardware security analysis. This paper classifies hardware attacks as invasive, non-invasive, and semi-invasive: https://t.co/5hHUi8eti5"
-
[ Linux ] Investigating a Compromised Server with Rootcheck https://blog.sucuri.net/2016/02/investigating-a-compromised-server-with-rootcheck.html -> Pushed some nice updates to OSSEC rootcheck.
"Using the Rootcheck tool to check whether a Linux/BSD system has been compromised: https://t.co/4xiVGwoeYU"
-
[ MalwareAnalysis ] Polymorphic Javascript malware : http://www.sjoerdlangkemper.nl/2016/02/18/polymorphic-javascript-malware/ ; encoded-js-trojan : https://github.com/Sjord/encoded-js-trojan
"Analysis of polymorphic JavaScript malware: https://t.co/QNyFLOVeNJ Encoded JS trojan: https://t.co/fxFFzsYhSr"
-
[ Pentest ] PowerShell & VBScript : Getting full DB access via restricted desktop : https://www.pentestpartners.com/blog/powershell-and-vbscript-getting-full-db-access-via-restricted-desktop-apps/
"PowerShell & VBScript: getting full database access via restricted desktop apps, from the PentestPartners blog: https://t.co/DBdfjNeJdm"
-
[ Pentest ] Brosec : An interactive reference tool to help security professionals utilize useful payloads and commands : https://github.com/gabemarshall/Brosec
"Brosec - an interactive payload generation tool: https://t.co/N2PrpFCjGE"
-
[ SecurityProduct ] QuickHeal webssx.sys driver DOS vulnerability : https://drive.google.com/file/d/0B0JU6vO5_GbmNXBOWWVZTHpzeGc/view , PoC : https://github.com/theevilbit/exploits/tree/master/quickheal_webssx_dos cc: @ theevilbit
"The webssx.sys driver of QuickHeal, a well-known Indian security product, has a denial-of-service vulnerability: https://t.co/LC8aqBHBF9 PoC : https://t.co/yzpyzdPvRd "
-
[ ThirdParty ] A Skeleton Key of Unknown Strength (CVE-2015-7547) : http://dankaminsky.com/2016/02/20/skeleton/ cc: @ dakami
"A skeleton key of unknown strength (glibc DNS bug CVE-2015-7547): https://t.co/Hlpkq4bxe8 "
-
[ Tools ] PeachPy : x86-64 assembler embedded in Python : https://github.com/Maratyszcza/PeachPy
"PeachPy: an efficient, portable x86-64 assembly code generator written in Python. GitHub repo: https://t.co/pMsVcnv3GE"
-
[ Windows ] First personal blog post in a while, a silly bug in Explorer and how to track down the bad code. http://tyranidslair.blogspot.co.uk/2016/02/tracking-down-root-cause-of-windows.html
"Analysis of a bug in how Windows Explorer handles NTFS symbolic links, from James Forshaw's blog: https://t.co/NEnuWo1dOd"