Tencent Xuanwu Lab Security Daily News
-
[ Android ] honggfuzz 0.7 - ASAN code coverage for all OS, and Intel PT for Linux. OS: Linux, FreeBSD, Windows/Cygwin, MacOSX - https://github.com/google/honggfuzz/releases/tag/0.7
"honggfuzz 0.7 released. honggfuzz is a general-purpose Android fuzzing tool that supports Linux, Mac OS X, Windows and other operating systems; it also supports AddressSanitizer code-coverage measurement, Intel BTS, and AMD/Intel instruction/branch counting: https://t.co/dpiVGEQGOh"
-
[ Attack ] Malvertising Campaign in US Leads to Angler Exploit Kit/BEDEP http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/
"Users of top US news sites, entertainment portals and political commentary sites were hit by a malvertising campaign that redirects to the Angler Exploit Kit/BEDEP: https://t.co/qFuFpOZxG2"
-
[ Attack ] All your creds are belong to us The evolution of malware targeting Steam accounts https://securelist.com/blog/research/74137/all-your-creds-are-belong-to-us/ https://t.co/Tm5fL7pK5N
"All your creds are belong to us - Kaspersky's analysis report on attack campaigns targeting the Steam gaming platform: https://t.co/ABPhMUDgQC https://t.co/Tm5fL7pK5N"
-
[ Attack ] Chrome Extension Caught Stealing Bitcoin from Users - UPDATE http://ow.ly/ZsBMj
"The Chrome extension BitcoinWisdom Ads Remover steals users' bitcoin while they are trading, as reported by SoftPedia: https://t.co/DcXTvaJcqy"
-
[ Attack ] Ottawa Hospital computers infected by Ransomware virus http://ow.ly/ZsKVc
"Computers at a hospital in Ottawa, Canada infected with ransomware: https://t.co/jOzzeX4XSz"
-
[ Attack ] More Details on APT Ransomware http://carnal0wnage.attackresearch.com/2016/03/apt-ransomware.html
"APT ransomware attacks: https://t.co/w9YWprGQhZ The article cites a Reuters piece, 'Chinese hackers behind US ransomware attacks': http://www.reuters.com/article/us-china-ransomware-idUSKCN0WG2L5"
-
[ Cloud ] How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront http://blogs.aws.amazon.com/security/post/Tx1G747SE1R2ZWE/How-to-Reduce-Security-Threats-and-Operating-Costs-Using-AWS-WAF-and-Amazon-Clou
"How to reduce security threats and operating costs using AWS WAF and Amazon CloudFront, from the Amazon AWS Blog: https://t.co/6MCadhvb14"
-
[ Crypto ] Great slides by @martijn_grooten on "How Broken Is Our Crypto Really?" https://www.rsaconference.com/writable/presentations/file_upload/pdac-r02-how-broken-is-our-crypto-really_final.pdf
"Slides from the RSA 2016 conference talk 'How Broken Is Our Crypto Really?': https://t.co/DbWevkLX2r"
-
[ Debug ] ProDBG is a very cool debugger written in #Rust & uses Capstone inside! https://github.com/emoon/ProDBG (by @daniel_collin) https://t.co/HQTeDpRbxb
"ProDBG - a debugger written in Rust that supports multiple operating systems, still under development. GitHub repo: https://t.co/dxdGK0iMRS https://t.co/HQTeDpRbxb"
-
[ Detect ] We sponsored an ESG survey on Incident Response Automation and Orchestration: http://blog.phantom.us/2016/03/15/new-research-finds-companies-ignore-majority-of-security-alerts/ #phantom
"Phantom's enterprise security incident response survey report: https://t.co/eta8vKMyMW It finds that most security alerts are ignored by enterprises. Direct download of the report: https://drive.google.com/file/d/0B76__3ub6mzdM3V5UzBvSS1ZMVFmdTBoNFZfNEtKMVJQMmc0/view?pref=2&pli=1"
-
[ Exploit ] Race Condition (TOCTOU) Vulnerability Lab http://resources.infosecinstitute.com/race-condition-toctou-vulnerability-lab/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+infosecResources+%28InfoSec+Resources%29
"Exploiting race condition (TOCTOU) vulnerabilities, from the InfoSec Blog: https://t.co/bRRCsN67Z9"
-
[ Fuzzing ] nice detailed post about afl usage http://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
"A very detailed AFL fuzzing usage guide, blog: https://t.co/BgRb0SKUJD"
-
[ Hardware ] How Keyless Entry Lets Cybercriminals Hack Your Connected Car https://blogs.mcafee.com/consumer/keyless-entry-car-hacks/
"How keyless entry lets criminals hack your car, from the McAfee Blog: https://t.co/mPC2q5bd6i"
-
[ iOS ] New blog post: "Fingerprint as a trojan" https://godpraksis.no/2016/03/fingerprint-trojan/ Please RT! Comments wanted.
"Fingerprint as a trojan - have you checked the Touch ID settings on your iOS phone? Someone may already have added their own fingerprint to your phone: https://t.co/9bOmO7uwV6"
-
[ Linux ] A New, In-Kernel Debugger Proposed For Linux 4.6 http://www.phoronix.com/scan.php?page=news_item&px=In-Kernel-Debugger-Linux-4.6 #linux #kernel #debugger #exploitdev #hacking #infosec @phoronix
"Linux kernel 4.6 will add a new 'In-Kernel Debugger' feature: https://t.co/VxL5SqPZlX"
-
[ Malware ] Android banking trojan poses as Flash Player http://www.welivesecurity.com/2016/03/14/security-review-android-banking-trojan-poses-flash-player/
"An Android banking trojan posing as Flash Player, analysis from WeLiveSecurity: https://t.co/O4mer1xRei"
-
[ Network ] OnionCat - An Anonymous VPN-Adapter (P2P layer 3 VPN based on Tor or I2P): OnionCat is a VPN-adapter ... http://bit.ly/22gIJll #PenTest
"OnionCat - an anonymous VPN adapter based on the Tor and I2P protocols: https://t.co/aFVjcSPlsm"
-
[ NetworkDevice ] nice command injection on a Netgear router https://github.com/0x3d5157636b525761/bezeq_netgear_exploit_poc_2016/blob/master/bezeq_poc.html
"Netgear DGN2200 router exploit PoC, GitHub repo: https://t.co/N2nxYSn6Zo"
-
[ Others ] Bughunters, we released the slides from the "Secrets of Google VRP" training delivered at #Nullcon - https://sites.google.com/site/bughunteruniversity/behind-the-scenes/secrets-of-google-vrp.
"Secrets of the Google VRP. VRP stands for Vulnerability Reward Program. How can a CSRF vulnerability be more damaging than a stack buffer overflow? Why aren't open redirect vulnerabilities rewarded? Not all XSS is the same. The answers to these questions are all here: https://t.co/73otQa4Blf"
-
[ Others ] Understanding Consumer Behaviour from Wi-fi Insights | Fortinet Blog http://ow.ly/ZsKRa
"Consumer behaviour can be understood by analysing Wi-Fi data, from the Fortinet Blog: https://t.co/wTE6JnMAjf"
-
[ Others ] Python 3.6 gets a builtin memory debugger https://docs.python.org/dev/whatsnew/3.6.html#pythonmalloc-environment-variable Detect buffer under/over-flow, fill memory with a byte pattern, etc.
"Python 3.6 released, release notes: https://t.co/VEsYDwLxHg The new version adds support for a PYTHONMALLOC environment variable, which can be used to select the memory allocator or install memory hooks"
-
[ Others ] One cool feature of the new HTTPS Transparency Report is the Certificate Transparency query tool: https://www.google.com/transparencyreport/https/ct/?hl=en
"Google's Certificate Transparency project provides a tool for looking up certificate information: https://t.co/ptZfLPUNYz"
-
[ Pentest ] Sneaky #ActiveDirectory Persistence Methods: Leveraging Group Policy to Retain Domain Admin https://adsecurity.org/?p=2716 https://t.co/LJcJz35pg4
"Active Directory persistence techniques, part 17 - leveraging Group Policy to retain Domain Admin privileges: https://t.co/fi20j2zM2I https://t.co/LJcJz35pg4"
-
[ Pentest ] Embedding EXE files into PowerShell scripts https://truesecdev.wordpress.com/2016/03/15/embedding-exe-files-into-powershell-scripts/
"How to embed EXE files into PowerShell scripts: https://t.co/5at44GQDsH"
-
[ SecurityProduct ] Bypassing Antivirus With Ten Lines of Code http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html
"Bypassing antivirus with 10 lines of code, VirusTotal 0/56, blog: https://t.co/w1PdfPlVDm"
-
[ Tools ] An open source, multi-architecture ROP compiler using pyvex https://github.com/jeffball55/rop_compiler/tree/master/pyrop
"pyrop - a ROP generator supporting multiple architectures: https://t.co/j73SQzs2gh"
-
[ Web Security ] Yahoo! Plugs Mail Spoofing Bug https://packetstormsecurity.com/news/view/26425/Yahoo-Plugs-Mail-Spoofing-Bug.html
"Yahoo Mail sender spoofing bug, as reported by The Register: https://t.co/NdwwNesG4Y"
-
[ Windows ] H1N1 loader v2 | Rewrote UAC bypass method and "new" trick to elevate privileges via WMI console http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3851#p28028
"H1N1 loader v2 - bypassing UAC via the WMI console, from the KernelMode forum: https://t.co/n7QEEnCrFF"
-
[ Windows ] Windows Kernel ATMFD.DLL OTF Font Processing Stack Corruption (MS16-026) https://cxsecurity.com/issue/WLB-2016030081
"Windows kernel ATMFD.DLL OTF font processing stack corruption vulnerability (MS16-026), from Project Zero issue 682: https://t.co/MhUIPcoZm6"