腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/03/10

Lukas Stefanko @LukasStefanko

[ Android ] #Android banking malware can easily change this targeted attack to different countries or banking apps! http://www.welivesecurity.com/2016/03/09/android-trojan-targets-online-banking-users/ #malware

"Android 银行木马伪装成 Flash Player，可以绕过基于短信的双因素认证。来自 WeLiveSecurity 的分析： https://t.co/tzamZsvGdZ"
darell tan @zxcvgm

[ Android ] Android emulator internals by @ freesamael http://www.slideshare.net/freesamael/study-on-android-emulator-53069679

"Android 模拟器内幕, 来自 Slideshare: https://t.co/kyr7QjEMdF "
Nikolaos Chrysaidos @virqdroid

[ Android ] Android with machine learning to detect malicious code - http://drops.wooyun.org/mobile/13428 (Chinese)

"用机器学习检测Android恶意代码，来自乌云 Drops，作者为 runner： https://t.co/jazkrnBV6j "
Ryan @Fuzion24

[ Android ] Sending of multiple certificate chains leads to some broken TLS cert pinning implementations on Android: https://www.cigital.com/blog/ineffective-certificate-pinning-implementations/

"几个无效 Certificate Pinning 实现方案的测试 - Certificate Pinning 保护机制的绕过，来自 Cigital Blog︰ https://t.co/vNLwW8XyJa"
Threatpost @threatpost

[ Browser ] Latest @ Firefox update fixes 40 vulnerabilities, 22 critical - http://ow.ly/ZgHFp

"Firefox 发布 45 版本,本次修复 40 个漏洞，其中 22 个为 Critical, 来自 ThreatPost 的报道: https://t.co/FmTFF9nDww"
Francisco Falcon @fdfalcon

[ Browser ] This P0 bug in IE is marked as Read AV, underlying cause is indirect call to null function ptr caught by CFG https://code.google.com/p/google-security-research/issues/detail?id=669

"Project Zero Issue 669 IE 读操作访问违例（CAnimatablePropertyListElement::GetCurrentValues）， Crash 的位置是在 CFG 的检查中（LdrpValidateUserCallTargetBitMapCheck）： https://t.co/MmC7xdpLW9 "
Anders Fogh @anders_fogh

[ Hardware ] New blog post (technical): Anvil and next generation rowhammer attacks: http://dreamsofastone.blogspot.de/2016/03/anvil-next-generation-row-hammer-attacks.html

"Anvil 与下一代 Rowhammer 攻击, Anvil 指的是针对这一攻击的防御技术, Blog ︰ https://t.co/2mmA2fnYKC"
Trend Micro @TrendMicro

[ Industry News ] Trend Micro welcomes TippingPoint, DVLabs and the Zero Day Initiative. http://bit.ly/1Tstowt https://t.co/FWNVj8ycYQ

"趋势科技收购了惠普的 TippingPoint,包括旗下的 ZDI: https://t.co/PkTZdPCUog https://t.co/FWNVj8ycYQ"
Ben Hawkes @benhawkes

[ Linux ] Linux netfilter IPT_SO_SET_REPLACE memory corruption: https://code.google.com/p/google-security-research/issues/detail?id=758

"Linux netfilter IPT_SO_SET_REPLACE 内存破坏漏洞, 来自 Project Zero Issue 758: https://t.co/M3AAmoRTQC"
Giuseppe `N3mes1s` @gN3mes1s

[ Linux ] Sigreturn-oriented programming and its mitigation - https://lwn.net/Articles/676803/ https://lkml.org/lkml/2016/2/6/166

"SROP(Sigreturn-oriented programming) 攻击以及缓解技术: https://t.co/B0amp4H94J https://t.co/4ib1e6epEn 关于 SROP, 红黑联盟网站有一篇文章参考: http://www.2cto.com/Article/201512/452080.html "
Nicolas Krassas @Dinosn

[ Malware ] Macro Malware Associated With Dridex Finds New Ways to Hide https://blogs.mcafee.com/mcafee-labs/macro-malware-associated-dridex-finds-new-ways-hide/

"银行木马 Dridex 相关的宏恶意软件又发现了新的隐藏方法，来自 McAfee Blog： https://t.co/qG3f2nJRIj"
Nicolas Krassas @Dinosn

[ Malware ] Alpha Testing the AlphaLeon HTTP Bot http://www.arbornetworks.com/blog/asert/alpha-testing-alphaleon-http-bot/

"Arbor Blog 对 AlphaLeon HTTP Bot 的分析: https://t.co/Ux0wQqroDQ"
Tamas K Lengyel @tklengyel

[ MalwareAnalysis ] Slides of my DCC2016 presentation: Stealthy, Hypervisor-based Malware Analysis http://www.slideshare.net/tklengyel/stealthy-hypervisorbased-malware-analysis

"基于 Hypervisor、具有强隐蔽性的恶意软件分析技术, 来自 DCC2016 会议的演讲: https://t.co/ohIRQfGhrD"
PythonArsenal @PythonArsenal

[ MalwareAnalysis ] unpacker - script to automate malware unpacking. Based on WinAppDbg. https://github.com/malwaremusings/unpacker/

"unpacker - 基于 WinAppDbg 调试器的恶意代码分析工具，可以检测脱壳行为、Dump 原始内存、Dump 解密后的网络流量： https://t.co/rFRmPM79SD"
Nicolas Krassas @Dinosn

[ Network ] How to exploit TFTP protocol to launch powerful DDoS amplification attacks http://securityaffairs.co/wordpress/45159/hacking/tftp-ddos-amplification-attacks.html

"如何利用 TFTP 协议发起 DDoS 放大攻击, 来自 SecurityAffairs 的报道, 文中有相关 Paper 的链接: https://t.co/VT6umjWwdH"
Nicolas Krassas @Dinosn

[ Others ] The Problem with Dynamic Program Analysis http://blog.trailofbits.com/2016/03/09/the-problem-with-dynamic-program-analysis

"目前,有很多工具采用动态分析的方法寻找程序中的漏洞, 这篇 Blog 谈动态分析无法遍历所有路径的问题: https://t.co/MfqzbfFcG6 "
Full Disclosure @SecLists

[ Others ] [CORE-2016-0003] - Samsung SW Update Tool MiTM http://goo.gl/fb/8SBwu8 #FullDisclosure

"三星软件更新工具中间人劫持漏洞，该工具会分析系统中的驱动，为的是更方便的给用户安装或者更新软件、驱动。来自 FullDisclosure 的公告： https://t.co/CCz5C0NFDl "
Justin Lowery @jlowerydevelops

[ Others ] Fingerprinting anonymous TOR users by their mouse wheel movements. Impressive. https://twitter.com/mikko/status/707217643686785024

"基于鼠标滚轮的移动数据获取匿名 TOR 用户 Web 指纹图谱: https://t.co/4qMSsbeY37 技术 Blog: http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html "
Nicolas Krassas @Dinosn

[ Others ] SSD Advisory – Zyxel Remote Unauthenticated Code Execution (NSA310) https://blogs.securiteam.com/index.php/archives/2694

"网络存储设备 Zyxel NSA310 存在远程未授权代码执行，而且是以 Root 权限： https://t.co/3EqdZPUTq6"
Tom Creedon @n300trg

[ Others ] 360's report on OnionDog APT set “洋葱狗”潜伏3年终曝光定期偷袭能源及交通行业 #cybersecurity #China http://bobao.360.cn/learning/detail/2783.html

"“洋葱狗”潜伏3年终曝光定期偷袭能源及交通行业, 来自 360 安全播报: https://t.co/blMqs0I4wY"
Sean Metcalf @PyroTek3

[ Pentest ] Sneaky #ActiveDirectory Persistence: Computer Accounts & Domain Controller Silver Tickets https://adsecurity.org/?p=2753 https://t.co/jLZ8r2JXQz

"Active Directory 攻击维持技术 Part 16︰计算机账户与域控制器 Silver Tickets: https://t.co/3OtiAcFi6C https://t.co/jLZ8r2JXQz"
Nicolas Krassas @Dinosn

[ Pentest ] WMI Post-Exploitation with CrackMapExec https://www.trustedsec.com/march-2016/wmi-post-exploitation/

"WMI Post-Exploitation with CrackMapExec: https://t.co/41pR7sZGIu"
Nicolas Krassas @Dinosn

[ Popular Software ] Bind DNS remote exploit vuln: CVE-2016-1285: An error parsing input received by the rndc control channel... https://kb.isc.org/article/AA-01352/74/CVE-2016-1285%3A-An-error-parsing-input-received-by-the-rndc-control-channel-can-cause-an-assertion-failure-in-sexpr.c-or-alist.c.html

"Bind 9 DNS CVE-2016-1285 拒绝服务，在处理 rndc 控制信道收到的数据时触发 Assert，导致服务退出： https://t.co/HnXYgjBPzy"
Nicolas Krassas @Dinosn

[ ThirdParty ] Memory Corruption Vulnerability in "libotr" https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

" OTR 加密消息传输协议实现库 libotr 内存破坏漏洞, 来自 X41-D Sec 的公告: https://t.co/5038DEJhFq "
Rapid7 @rapid7

[ ThreatIntelligence ] Threat Intelligence Foundations: Crawl, Walk, Analyze (part 1) http://bit.ly/1P0n8UL Blog series by @ PDXbek

"威胁情报的等级划分和使用方式，来自 Rapid 7 威胁情报系列文章里的第一篇： https://t.co/NlOWg1LiSI "
Full Disclosure @SecLists

[ ThreatIntelligence ] New Security Tool: MrLooquer - IPv6 Intelligence http://goo.gl/fb/cmkq6a #FullDisclosure

"MrLooquer - 结合开源情报技术和数据挖掘技术, 创建实时 IPv6 部署情况图: https://t.co/wRtFGunEMX "
quarkslab @quarkslab

[ Tools ] [BLOG+TOOL] Binmap: a system scanner http://blog.quarkslab.com/binmap-a-system-scanner.html Vulnerability research is not only about luck, it is also about strategy

"Binmap - 开源扫描器,搜索系统中所有文件,收集程序、库的各种信息,如依赖信息、符号信息等: https://t.co/9jjh00ka3I "
Magnus Stubman @magnusstubman

[ Web Security ] One XSS vector to rule them all: https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot #infosec #xss

"一个 XSS Payload 实现 Rule Them All - 这篇文章介绍作者写的一个 XSS Payload，可以适应各种各样的上下文环境︰ https://t.co/gmpIgzJpeT "
Jack Mannino @jack_mannino

[ Web Security ] Exploring Server-Side Template Injection in Flask/Jinja2 https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2/

"Flask/Jinja2 中的服务端模板注入，来自 Nvisium Blog： https://t.co/ERMnMEBi9H"
Nicolas Krassas @Dinosn

[ Web Security ] Analysis on a remote code execution on SpagoBI https://remoteawesomethoughts.blogspot.com/2016/03/spagobi-remote-code-execution-by.html

"开源商务智能套件 SpagoBI 远程代码执行漏洞分析： https://t.co/b3QuzxGHsi "

2016/03/10