Tencent Xuanwu Lab Security Daily News
-
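[ Android ] UXSS vulnerability in the built-in browser of WeChat and QQ for Android - http://blog.knownsec.com/2016/02/android-weixin-qq-uxss/ by @ 80vul
"UXSS vulnerability in the built-in browser of WeChat and QQ for Android - https://t.co/KvNEYbaQAK by @80vul"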
-
[ Android ] Releasing Mobile Security Framework (MobSF) v0.9 http://goo.gl/fb/BoQCfh #FullDisclosure
"Automated testing of mobile apps with the Mobile Security Framework (MobSF), which supports Android and iOS. Announcement from FullDisclosure: https://t.co/Yb8Ee3mhvj Github Repo: https://github.com/ajinabraham/Mobile-Security-Framework-MobSF The author's talk at Nullcon Goa 2016: http://www.slideshare.net/ajin25/nullcon-goa-2016-automated-mobile-application-security-testing-with-mobile-security-framework-mobsf "
-
[ Attack ] #Unit42 finds Digital Quartermaster scenario demonstrated in attacks against the Mongolian Government http://bit.ly/1TJhU7U
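"The Digital Quartermaster and attacks against the Mongolian government: Palo Alto observed that between August 2015 and February 2016 attackers sent a large number of geopolitically themed phishing emails and documents to attack the Mongolian government: https://t.co/7BdxvJHMTh "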
-
[ Browser ] XSLT strikes again: UAF in Firefox (CVE-2016-1964) https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
"XSLT strikes again - among the vulnerabilities fixed in this month's Firefox 45 release is another XSLT-related UAF vulnerability (CVE-2016-1964): https://t.co/hByeHqAYns"
-
[ Conference ] [Slides] Bug Bounty Hunter Methodology - Nullcon 2016 http://bgcd.co/1pijLn7 @ Nullcon #Nullcon https://t.co/yYF6KBxXd9
"Bug Bounty Hunter methodology, from the Nullcon 2016 conference: https://t.co/VkYP5RXXdu https://t.co/yYF6KBxXd9"
-
[ Crypto ] Read our latest WHITEPAPER: "The Importance of a Cryptographic Review” #crypto http://bit.ly/1SN7Mtz
"The importance of reviewing cryptographic implementations, from InfoSec: https://t.co/44Sg7ZtCTf"
-
[ Detect ] Abusing File Processing in Malware Detectors for Fun and Profit : http://www.cs.cornell.edu/~shmat/shmat_oak12av.pdf (pdf)
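"This paper analyzes two methods of evading malware detection. The first confuses the detection tool's file-type handling; the second exploits differences in file-format parsing between real applications and the detection tool: https://t.co/UhhbsHie9q "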
-
[ Exploit ] Writing JIT Shellcode for fun and profit : http://www.dsecrg.com/files/pub/pdf/Writing%20JIT-Spray%20Shellcode%20for%20fun%20and%20profit.pdf (pdf) #b2b
"Writing JIT Shellcode for fun and profit (2010), by Alexey Sintsov: https://t.co/uSO0rwxT2d Slides from two related talks: http://dsecrg.com/files/pub/pdf/HITB%20-%20JIT-Spray%20Attacks%20and%20Advanced%20Shellcode.pdf http://www.semantiscope.com/research/BHDC2010/BHDC-2010-Paper.pdf "
-
[ Forensics ] Ineluctable Modality of Linux Audit(d) https://strcpy.net/audit.pdf
"The ineluctable modality of Linux audit, Slides: https://t.co/Xf6kvE72NC"
-
[ Fuzzing ] afl+concolic=driller https://www.internetsociety.org/sites/default/files/blogs-media/driller-augmenting-fuzzing-through-selective-symbolic-execution.pdf
"Finding vulnerabilities by combining fuzzing with selective symbolic execution, Paper: https://t.co/8u6phUeGkm"
-
[ iOS ] Dumping Memory on iOS 8 https://blog.netspi.com/dumping-memory-on-ios-8/
"Dumping memory on iOS 8, Blog: https://t.co/HwuCd26SHX"
-
[ IoTDevice ] Applying Bytecode Level Automatic Exploit Generation to Embedded Systems http://www.cosc.canterbury.ac.nz/research/reports/HonsReps/2015/hons_1504.pdf
"Applying bytecode-level automatic exploit generation to embedded systems, Paper: https://t.co/KJw0HQvG39"
-
[ Linux ] Slides from yesterday's talks at kTLV on Linux tracing and Windows internals: https://s.sashag.net/ktlv0316 (demo scripts in the slide notes)
"Execution path tracing techniques on modern Linux systems (Tracing): https://www.dropbox.com/sh/zn4w6hkjkvlyaom/AABJv0iElA7idHxD5_b1yqp5a/Modern_Linux_Tracing_Landscape.pptx?dl=0 An introduction to Windows internals written for Linux kernel developers: https://www.dropbox.com/sh/zn4w6hkjkvlyaom/AACatbQEfKJR5h2U8l_iPc8Pa/Windows_Internals_for_Linux.pptx?dl=0 "
-
[ MalwareAnalysis ] Modern Malware for Dummies : https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/education/MM%20for%20Dummies%20Unlimited%20Download%20eBook%20File.pdf (pdf - 7.7 Mb)
"Modern Malware for Dummies - an introductory malware analysis book for beginners, covering malware characteristics, detection methods, and protection methods: https://t.co/qMLaBY4HBN "
-
[ Network ] Slides of @ AntoniosAtlasis #TR16 IPv6 Sec Summit "The Impact of Extension Headers on IPv6 ACLs - Real Life Use Cases" https://www.ernw.de/download/TR16_AAtlasis_The_Impact_of_Extension_Headers_on_IPv6_Access_Control_Lists.pdf
"The impact of extension headers on IPv6 ACLs - real-life use cases: https://t.co/1eiE6uCSKe"
-
[ Network ] Slides of my @ WEareTROOPERS #TR16 IPv6 Sec Summit talk on "Enterprise IPv6 Security Strategy": https://www.ernw.de/download/ERNW_TR16_IPv6SecSummit_Enterprise_Security_Strategy.pdf [PDF]
"Enterprise IPv6 security strategy, from the Troopers IPv6 Security Summit: https://t.co/06JfHY4WRc "
-
[ NetworkDevice ] Netgear CG3000 modem/router set password vulnerability http://goo.gl/fb/rLtqlY #FullDisclosure
"Netgear CG3000 cable modem password change vulnerability (CSRF), advisory from FullDisclosure: https://t.co/JoPkIUUsaH "
-
[ Obfuscation ] Binary code obfuscation through C++ template metaprogramming : https://eden.dei.uc.pt/~sneves/pubs/2012-snfa2.pdf (pdf)
"Binary code obfuscation based on C++ template metaprogramming, Paper: https://t.co/rAyoR4U8qJ "
-
[ Others ] Reminder...Code samples for my talk on Application Whitelisting Evasion. It's here: https://github.com/subTee/Troopers2016 Come armed with questions! #TR16
"PoC code for Casey Smith's Troopers 2016 talk 'Application Whitelisting Evasion': https://t.co/11RM8v4HDK "
-
[ Others ] Introduction to Compilers : http://www.keithschwarz.com/cs143/WWW/sum2011/
"The compilers course (CS143) taught by Stanford University lecturer Keith Schwarz: https://t.co/64I9cbad1s"
-
[ Others ] 0CTF 2016 Write Up: Monkey (Web 4) http://w00tsec.blogspot.com/2016/03/0ctf-2016-write-up-monkey-web-4.html
"0CTF 2016 Writeup: Monkey (Web 4): https://t.co/ErgGI6m7H3"
-
[ Others ] Nice post by Muneaki Nishimura: Exploiting XSS/HTML injection in Firefox OS (proprietary features weakened the CSP) https://gist.github.com/nishimunea/264695161a6796f1912f
"Exploiting XSS/HTML injection in Firefox OS (in Japanese) (CVE-2015-2745): https://t.co/PBlgBvbQSn Mozilla Bug 1101158: https://bugzilla.mozilla.org/show_bug.cgi?id=1101158 "
-
[ ThirdParty ] Command execution caused by PyYAML object type parsing - http://blog.knownsec.com/2016/03/pyyaml-tags-parse-to-command-execution/ by RickGray
"Command execution caused by PyYAML object type parsing - https://t.co/pJfwtqIYK8 "
-
[ ThirdParty ] CVE-2016-3116 - Dropbear SSH xauth injection http://goo.gl/fb/BNJ2Cc #FullDisclosure
"Dropbear SSH has an xauth injection vulnerability (CVE-2016-3116), advisory from FullDisclosure: https://t.co/bGp231EGRS "
-
[ Tools ] Another exploitation tool by @ 0xspx to find ROP gadgets for ARM using Capstone inside! https://github.com/0xspx/armroper
"armroper - a ROP gadget search tool for the ARM platform, Github Repo: https://t.co/hmdQP0nuNa"
-
[ Tools ] Detect DNS Tunneling done by tools such as iodine with ELK stack + Packetbeat and Watcher https://github.com/elastic/examples/tree/master/packetbeat_dns_tunnel_detection
"Detecting DNS tunneling data exfiltration with Packetbeat and Watcher, Github Repo: https://t.co/QHvzBBYLk4 Blog: https://www.elastic.co/blog/detecting_dns_tunnels_with_packetbeat_and_watcher "
-
[ Tools ] Hands-on with the #BinaryNinja #API - http://arm.ninja/2016/03/08/intro-to-binary-ninja-api/ - #Android #Security #netsec - as always, thanks for reading!
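"Binary Ninja, a tool we have covered before, is an integrated binary reverse-engineering tool that includes a binary/hex editor, a disassembler, a shellcode generator, and more. Official site: https://binary.ninja/ The tool now supports interaction through an API: https://t.co/JchYT4XY6p "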
-
[ Tools ] Some nice Valgrind tools by @ doegox use Capstone inside to collect execution trace of processes! https://github.com/SideChannelMarvels/Tracer/tree/master/TracerGrind
"TracerGrind - a Valgrind plugin for tracing process execution paths, so far tested on X86, X86_64 and ARM: https://t.co/6PcBjGBnNs"
-
[ WirelessSecurity ] I wrote the modern version of the "Poor man's Spectrum Analyzer" for Airspy: http://airspy.com/download https://t.co/biG09fi8rv
"Poor man's spectrum analyzer - Airspy download: https://t.co/q200lJ0wdh https://t.co/biG09fi8rv"