腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/03/14

TrendLabs @TrendLabs

[ Attack ] #Seagate is latest org targeted by #phishing attack: http://bit.ly/1TrD5uZ

"Seagate 员工收到钓鱼税收欺诈攻击︰ https://t.co/IQRlPkEvzo"
Jóseph Mlodzìanowskì @cedoxX

[ Attack ] How a Hacker's Typo Foiled a Billion-Dollar Bank Heist http://nbcnews.to/1XhFpmx

"因为一个单词拼写错误,黑客的亿元银行盗窃行动暴露了: https://t.co/JtH8eHN8vG"
the grugq @thegrugq

[ Crypto ] How the ANC used encryption to help defeat apartheid. documentary: https://www.youtube.com/watch?v=zSOTVfNe54A paper: http://www.anc.org.za/show.php?id=4693

"ANC（非洲国民大会）是如何用加密的方法对抗种族隔离的， Youtube 视频︰ https://t.co/iB7sZU4fY0 Paper︰ https://t.co/p37YljWy5M"
Nicolas Krassas @Dinosn

[ Forensics ] How to parse Windows Eventlog http://dfir-blog.com/2016/03/13/how-to-parse-windows-eventlog/

"如何解析 Windows 事件日志，来自 DFIR Blog： https://t.co/XVfSOQdKWg"
Ci-gît le coq volant @lamagicien

[ Fuzzing ] AFL + MirageOS = <3 http://canopy.mirage.io/Posts/Fuzzing

"Stephen Dolan 为 OCaml 编译器写了一个 Patch, 以支持 AFL 对 OCaml 应用的 Fuzz 测试: https://t.co/GEJzK21xiN"
Dmitry Chestnykh @dchest

[ Linux ] Lots of Gnome apps use insecure connections and vulnerable WebKit https://blogs.gnome.org/mcatanzaro/2016/03/12/do-you-trust-this-application/

"目前还有很多的 Gnome 应用没有使用 HTTPS 连接，以及使用存在漏洞的 WebKit 版本。来自 Gnome Blog： https://t.co/HX6XOTIXu5"
Binni Shah @binitamshah

[ Linux ] Linux Kernel Exploitation : https://jon.oberheide.org/files/source10-linuxkernel-jonoberheide.pdf (Slides) #b2b

"Linux 内核漏洞利用技术，来自 2010 年的 SOURCE 会议︰ https://t.co/psFPKgNoVr "
Binni Shah @binitamshah

[ Linux ] Timers and time management in Linux kernel - Intro to clockevents framework : https://github.com/0xAX/linux-insides/blob/master/Timers/timers-5.md //Linux-inside series cont'd cc: @ 0xAX

"Linux-Insides 系列文章 - 内核定时器和时间管理 - 时钟事件框架简介︰ https://t.co/PN8rIXmusc "
Binni Shah @binitamshah

[ Linux ] Linux Filesystem Poster for Novices* : http://imgur.com/yWfCliF https://t.co/VRfdWmdvYl

"一张图展示 Linux 文件系统的目录结构: https://t.co/gy6EzXzykF https://t.co/VRfdWmdvYl"
Binni Shah @binitamshah

[ MalwareAnalysis ] Enabling Worm and Malware Investigation Using Virtualization : http://www.slideshare.net/amiable_indian/enabling-worm-and-malware-investigation-using-virtualization (Slides) via @ dronadroid

"基于虚拟化的蠕虫和恶意代码分析技术，来自 Slideshare ︰ https://t.co/DwJlC6vyU2 "
Alex Casanova @hflistener

[ Network ] Now, It´s time to play with #srsLTE https://github.com/srsLTE/srsLTE #LTE #4G #GSM https://t.co/hnpEUGs8lI

"srsLTE - LTE 库的开源实现: https://t.co/hnpEUGs8lI https://t.co/vdgLqshoEj "
Nicolas Krassas @Dinosn

[ Others ] Analysis of VM escape by using LUA script http://en.wooyun.io/2016/02/29/44.html

"LUA 脚本虚拟机逃逸技术分析： http://drops.wooyun.org/tips/12677 "
Frank Denis @jedisct1

[ Others ] An introduction to LLVM in Go https://blog.felixangell.com/an-introduction-to-llvm-in-go/

"用 LLVM 的 Go-Binding API 构建 LLVM IR， Blog： https://t.co/tEBaz3l98B "
Florian Roth @Cyb3rOps

[ Pentest ] JSRAT Simple JS Reverse Shell over HTTP for Windows http://seclist.us/jsrat-is-a-simple-js-reverse-shell-over-http-for-windows.html

"JSRAT - 一个简单的 Windows 反弹 Shell，基于 HTTP 协议： https://t.co/tUPO6P0jpf"
Binni Shah @binitamshah

[ Programming ] Collections-C : A library of generic data structures for C : https://github.com/srdja/Collections-C

"Collections-C ︰ C 语言常用数据结构收集，如 Array、List、HashTable 等， Github Repo ︰ https://t.co/oGG9iOenBC"
Thomas White @tribalchickenAU

[ ReverseEngineering ] Recovering BitLocker keys on Windows 8.1 and 10 (+ bonus @ volatility plugin which might work... Still a WiP) #dfir https://tribalchicken.com.au/technical/recovering-bitlocker-keys-on-windows-8-1-and-10/

"在 Windows 8.1 和 10 上还原 BitLocker 的加密密钥： https://t.co/Q0iNNhGuGW"
Nicolas Krassas @Dinosn

[ ReverseEngineering ] Detours, Trampolines, and Code Caves http://www.gironsec.com/blog/2016/03/detours-trampolines-and-code-caves/

"Detours, Trampolines, and Code Caves: https://t.co/DmMnhkhzKA"
jsoo @_jsoo_

[ ReverseEngineering ] BSides Orlando CTF Exploit Dance Challenge - http://tylerhalfpop.com/2016/03/12/blog-BSidesOrlando-CTF-Exploit-Dance.html by @ tylerhalfpop

"BSides Orlando 会议 CTF 逆向题 Writeup: https://t.co/07qvMv20ts"
ange @angealbertini

[ SecurityProduct ] on security software certification, by @ taviso http://blog.cmpxchg8b.com/2016/03/security-software-certification.html?m=1 https://t.co/XpAyW9krGL

"Project Zero 的 Tavis 谈安全软件与认证评测的事儿: https://t.co/YEDZJPNYzQ https://t.co/XpAyW9krGL"
Binni Shah @binitamshah

[ Tools ] x11fs : A tool for manipulating X windows : https://github.com/sdhand/x11fs

"x11fs ︰用于操作 X windows 的工具， Github Repo: https://t.co/7fC7yyXKwX"
Dmitriy Evdokimov @evdokimovds

[ Tools ] Intel SDE (Software Development Emulator). Uses Intel PIN and XED. https://software.intel.com/en-us/articles/intel-software-development-emulator

"Intel 基于 PIN 和 XED 的软件开发模拟器， PIN 是个指令插桩工具， XED 是个编码、解码器： https://t.co/SGLp7yF1cN"
Anders Abel @anders_abel

[ Windows ] @ webtonull It is a signature wrapping vulnerability: https://coding.abel.nu/2016/03/vulnerability-in-net-signedxml/

".NET SignedXML 存在 'XML Signature Wrapping' 漏洞(MS16-035/CVE-2016-0132): https://t.co/8BxjPg3Elk"
Binni Shah @binitamshah

[ Windows ] Introduction to Windows Kernel Exploitation : http://www.bluenotch.com/resources/SANS_Orlando_Kernel_Exploits_Sims.pdf (Slides) #b2b

"Windows 内核漏洞利用入门，来自 2013 年的 SANS Orlando 会议︰ https://t.co/yQOC0soPqQ "

2016/03/14