腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/03/24

Chairman May watches @ChrisBulow

[ Android ] Android v. Stagefright? The latter is still winning. https://blog.zimperium.com/reflecting-on-stagefright-patches/ HT @ zimperium https://t.co/buL5jb7dJk

"Android Stagefright 漏洞补丁的数据分析，包括各个国家的修复比例对比： https://t.co/Zv442nGhPQ https://t.co/buL5jb7dJk"
argp @_argp

[ Android ] CENSUS advisories (+ trigger files) for Android libstagefright bugs CVE-2016-0816 and CVE-2016-0824 are now public: https://census-labs.com/news/tag/advisories/

"Android libstagefright CVE-2016-0816 和 CVE-2016-0824 漏洞的细节，来自 CENSUS 的漏洞公告︰ https://t.co/gUxHKjZ3XK"
FireEye @FireEye

[ Attack ] Attacking like a professional http://bddy.me/1RkAc9Y #FEYERedTeam #DFIR https://t.co/LYk9Fz9yQL

"Attacking like a professional，来自 FireEye Blog: https://t.co/9KDd1qZZeP https://t.co/LYk9Fz9yQL"
TrendLabs @TrendLabs

[ Attack ] New post: Indian Military Personnel Targeted by “Operation C-Major” Information Theft Campaign http://bit.ly/1o6aiOK @ TrendMicro

"针对印度的 'C-Major' 定向攻击行动中， 160 位军事官员的纳税信息、证件照、护照扫描件遭到窃取。 Trend Micro 怀疑这次行动背后的攻击者在巴基斯坦： https://t.co/oZvpWDStRJ "
jsoo @_jsoo_

[ Challenges ] Wow, Google Organising a CTF. https://capturetheflag.withgoogle.com/

"Google 将在 4 月底办一次 CTF 比赛： https://t.co/qz1sz1QySK"
Iván @aszy

[ Crypto ] Unboxing the White-Box Practical attacks against Obfuscated Ciphers https://www.blackhat.com/docs/eu-15/materials/eu-15-Sanfelix-Unboxing-The-White-Box-Practical-Attacks-Against-Obfuscated-Ciphers-wp.pdf

"针对混淆密码的攻击实战 - 白盒攻击模型，来自 BlackHat Europe 2015 会议： https://t.co/4Td4SsEITE "
David Wong @lyon01_david

[ Crypto ] my Ephemeral Diffie-Hellman backdoor works!!!! ( https://github.com/mimoo/Diffie-Hellman_Backdoor ) https://t.co/R7F0CsoPSZ

"如何在 Diffie Hellman 加密算法中放后门， Github： https://t.co/9jy7miUTj2 https://t.co/R7F0CsoPSZ"
Alyosha Sintsov @asintsov

[ Hardware ] BlackBox Testing CAN network with help of CANToolz (https://github.com/eik00d/CANToolz - beta) http://www.slideshare.net/AlexeySintsov/testing-can-network-with-help-of-cantoolz

"在 CANToolz 的帮助下黑盒测试 CAN 网络， Slides: https://t.co/JbLebZKrf6 CANToolz Github Repo： https://t.co/UfdLnTeRvC "
Full Disclosure @SecLists

[ iOS ] Facebook Messenger (iOS) Certificate Validation Vulnerability http://goo.gl/fb/WnhE8c #FullDisclosure

"Facebook 社交软件 Messenger (iOS) 证书验证漏洞，可被中间人攻击。来自 FullDisclosure 的公告： https://t.co/64bEUwonXF "
MWR Labs @mwrlabs

[ IoTDevice ] LoRa Security Whitepaper: Building a secure LoRa solution - https://labs.mwrinfosecurity.com/publications/lo

"LoRa 解决方案以及 LoRaWAN 协议的安全分析、评估，来自 MWR Labs 在 Syscan360 会议的演讲： https://t.co/ADn71CcdRq LoRa 是一种物联网通信解决方案"
Binni Shah @binitamshah

[ Linux ] Securing Debian Manual : https://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.pdf (pdf)

"Debian 安全加固手册︰ https://t.co/3Izu0BqK55 "
Andrey Karpov @Code_Analysis

[ Linux ] Analyzing Samba with PVS-Studio on Linux. http://emacsdump.blogspot.ru/2016/03/running-pvs-studio-on-samba.html (#samba, #pvsstudio, #opensource, #codeanalysis, #programming)

"用 PVS-Studio 在 Linux 平台分析 Samba 项目： https://t.co/gGhwv2norX "
Nicolas Krassas @Dinosn

[ Mac OS X ] OS X Kernel AppleKeyStore Use-After-Free https://packetstormsecurity.com/files/136356/GS20160322234851.tgz

"通过两个线程的竞争态可以触发 OS X 内核 AppleKeyStore IOCommandGate UAF 漏洞： https://t.co/up5Xln4Lpq"
Stefan Esser @i0n1c

[ Mac OS X ] OS X El Capitan - Sinking the S\H/IP https://www.slideshare.net/mobile/i0n1c/syscan360-stefan-esser-os-x-el-capitan-sinking-the-ship

"OS X Capitan - 沉了这艘船（SHIP，双关用法，也指代 SIP - OS X 系统完整性保护特性），来自 Stefan Esser 在 Syscan360 会议的演讲： https://t.co/geL9wuyfVt"
Full Disclosure @SecLists

[ Mac OS X ] APPLE-SA-2016-03-21-7 OS X Server 5.1 http://goo.gl/fb/CB35h2 #FullDisclosure

"Apple OS X Server 5.1 漏洞公告，来自 FullDisclosure： https://t.co/O2Mu3INnpT "
Nicolas Krassas @Dinosn

[ Malware ] SamSam: The Doctor Will See You, After He Pays The Ransom http://blog.talosintel.com/2016/03/samsam-ransomware.html

"SamSam 勒索软件︰他支付赎金后，医生就会给你看病了，来自 Talos Blog： https://t.co/MXzHpDaN55"
Huntress Labs @HuntressLabs

[ Malware ] Check out how Kovter #malware abuses mshta.dll, JavaScript, PowerShell, WMI & RegSvr32 for a "fileless" #foothold. http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE-%E2%80%93-A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE

" Kovter 恶意软件不再释放/创建任何文件，仅通过注册表就实现持久性的控制： https://t.co/kUEiQXgMSW"
Anton Cherepanov @cherepanov74

[ Malware ] New self-protecting USB trojan able to avoid detection http://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/

"具有自我保护功能的 USB 木马，来自 WeLiveSecurity Blog： https://t.co/59CdRv5vwk"
PHR34K @unpacker

[ Malware ] W97M Downloader Serves Vawtrak Malware https://blogs.mcafee.com/mcafee-labs/w97m-downloader-serving-vawtrak/

"W97M 恶意代码家族的下载器样本中内嵌 Vawtrak 恶意软件，来自 McAfee Blog： https://t.co/NKe0mon28c"
PHR34K @unpacker

[ Malware ] A look at Locky ransomware http://research.zscaler.com/2016/03/a-look-at-locky-ransomware.html

"Zscaler 对 Locky 勒索软件的分析： https://t.co/dU5yDlJ4Uy"
Rapid7 @rapid7

[ Network ] New findings from our data science team: Topology of Malicious Activity on IPv4 [BLOG] http://bit.ly/1pz2KVK

"IPv4 上的恶意活动拓扑结构，来自 Rapid7 Blog： https://t.co/jXOXY3PAkc"
Nicolas Krassas @Dinosn

[ Network ] TLS Certificate Optimization: The Technical Details behind "No Browser Left Behind" https://blog.cloudflare.com/tls-certificate-optimization-technical-details/

"TLS 证书优化 - CloudFlare '一个浏览器也不落下' 计划背后的技术细节： https://t.co/DEybv8w1h7 "
mitp0sh ( みとぽしゅ ) @mitp0sh

[ Others ] Quite a nice summary of protections: http://hypervsir.blogspot.sg/2014/10/introduction-on-hardware-security.html?m=1

"x86/ARM 体系架构硬件相关的几个保护特性总结， 2014 年的一篇 Blog ︰ https://t.co/9vgBLKXriW"
Nicolas Krassas @Dinosn

[ Popular Software ] Adobe Flash Zlib Codec Heap Overflow https://packetstormsecurity.com/files/136361/GS20160322235529.tgz

"Adobe Flash Zlib 编解码器堆溢出： https://t.co/SpxsWEnd7b Project Zero Issue 720: https://bugs.chromium.org/p/project-zero/issues/detail?id=720 "
Suto @__suto

[ Popular Software ] Foxit Reader 7.3.0 UAF PoC ( Patched in latest version) #DailyBug #Foxit http://www.vnsecurity.net/research/2016/03/23/Foxit-Reader-730-use-after-free.html

"福昕阅读器 7.3.0 UAF PoC： https://t.co/SrtDvBGVoF 在最新版 7.3.4 中已经修复"
Source Incite @sourceincite

[ Popular Software ] Foxit Reader <= 7.3.0 ObjStm decode Use-After-Free Remote Code Execution 1day! http://sourceincite.com/2016/03/23/foxit-reader-7-3-0-objstm-decode-use-after-free-remote-code-execution-1-day/

"福昕阅读器 7.3.0 Object Stream 解码 UAF RCE： https://t.co/IDK4keUUKG 作者的这个 0Day 在 7.3.4 版本被 Kill 掉了，所以作者决定公布出来"
Nicolas Krassas @Dinosn

[ SecurityProduct ] Comodo Antivirus Composite Document Parsing Heap Overflow https://packetstormsecurity.com/files/136368/GS20160323002103.tgz

"Comodo 反病毒软件在解析复合文档时存在整数溢出漏洞： https://t.co/CozfYbcT3H Project Zero Issue 762: https://bugs.chromium.org/p/project-zero/issues/detail?id=762 "
Nicolas Krassas @Dinosn

[ SecurityProduct ] Comodo Antivirus LZMA Decoder Heap Overflow https://packetstormsecurity.com/files/136369/GS20160323002237.tgz

"Comodo 反病毒软件在解析 LZMA 格式时存在堆溢出： https://t.co/cg0fZ9Fron Project Zero 763: https://bugs.chromium.org/p/project-zero/issues/detail?id=763 "
Ram Shankar @ram_ssk

[ ThreatIntelligence ] @ JohnLaTwC @ MattT_Cyber @ 4Dgifts And 12 years later, we added the power of @ MSAdvAnalytics to it http://www.slideshare.net/RamShankarSivaKumar/transforming-incident-response-to-intelligent-response-using-graphs

"图表如何帮助你从事件响应转变到情报响应： https://t.co/RC6w3oHqYF"
Daniel Bilar @daniel_bilar

[ Tools ] MS open sources Visual Studio Productivity Power Tools https://github.com/Microsoft/VS-PPT

"微软开源了一个 Visual Studio 扩展 VS-PPT - 这个工具用于提高开发者的生成效率： https://t.co/5GRD35lOtU"
Binni Shah @binitamshah

[ Tools ] Burp Suite For Beginners : http://hack-ed.net/2016/01/09/burp-suite-for-beginners/

"Burp Suite 入门指南︰ https://t.co/i0VuL35o3t"
Nicolas Krassas @Dinosn

[ Web Security ] Classic Web Vulns Found in Google Search Appliance 7.4 https://www.insinuator.net/2016/03/classical-web-vulns-found-in-google-search-appliance-7-4/

"GSA(Google Search Appliance) 7.4 版本被发现了几个经典的 Web 漏洞： https://t.co/U44e430jhE"
FireEye @FireEye

[ Web Security ] 99 Problems but Two-Factor Ain’t One http://bddy.me/25m607O #FEYERedTeam #DFIR https://t.co/7H1QyCIzsz

"双因素认证对于远程访问权限的控制是个绝佳的实践。但它真的绝对可靠吗？来自 FireEye 的这篇 Blog 站在攻击者的角度来看双因素认证，讨论了如何在不接触内部环境下绕过它的认证，以及如何获取认证后远程设备的控制权限： https://t.co/bSyG3tcsmT https://t.co/7H1QyCIzsz"
Jack Whitton @fin1te

[ Web Security ] Uber Bug Bounty: Turning Self-XSS into Good-XSS - https://fin1te.net/articles/uber-turning-self-xss-into-good-xss/ #bugbounty #xss #uber

"Uber Bug Bounty ：将 Self-XSS 变成 Good-XSS： https://t.co/WN4IF6ZdiU "
LE BERRE Stéfan @Heurs

[ Windows ] @ WEareTROOPERS @ kiqueNissim HAL+Paging exploitation... it remind me something... https://drive.google.com/file/d/0B3P18M-shbwrNWZTa181ZWRCclk :p

"Remotely Bypassing Kernel ASLR (Windows 10)： https://t.co/Xak2TewjuQ "
Darkoperator @Carlos_Perez

[ Windows ] Continuing the series on building a AD Audit #PowerShell module http://www.darkoperator.com/blog/2016/3/18/lxlzwnjiti3c4w7zj1uh8lc3lsv7cg

"写一个 Active Directory 审计模块 - 获取 DirectoryEntry 对象： https://t.co/D51FfLR3gD"

2016/03/24