Tencent Xuanwu Lab Security News Feed
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android One Privilege Escalation https://packetstormsecurity.com/files/136436/GS20160325232718.tgz
"Android One devices call copy_from_user incorrectly when processing wireless driver packets, triggering a memory corruption vulnerability; successful exploitation yields app-to-kernel privilege escalation. Project Zero Issue 678: https://bugs.chromium.org/p/project-zero/issues/detail?id=678"
-
[ Android ] jsifenum - A drozer module for enumerating Javascript Interfaces and methods https://github.com/droidsec/jsif-enumerator
"jsifenum - a drozer module for enumerating JavaScript interfaces and methods, which helps detect addJavascriptInterface vulnerabilities: https://t.co/ls48qUH4W5"
-
[ Browser ] Very interesting on Chrome performance and iOS Safari being better, from the hammerjs maintainer https://blog.runspired.com/2016/03/25/the-chrome-distortion-chrome-alters-our-expectations-in-highly-negative-ways/ via @nolanlawson
"This blog post analyzes the performance of several browsers; Chrome's performance is now clearly behind Safari and Edge: https://t.co/k5QlgVvhzE"
-
[ Defend ] Avoid getting owned by malicious ads and websites by following my secure browsing guide: http://gist.github.com/atcuno/3425484ac5cce5298932 #DFIR #infosec
"How to avoid attacks by malicious ads and websites while browsing, and protect your privacy at the same time: https://t.co/XfrKf3loOQ"
-
[ Defend ] Blaze's Blog: Ransomware Prevention https://packetstormsecurity.com/news/view/26463/Blazes-Blog-Ransomware-Prevention.html
"How to prevent ransomware, from both the user's and the company's perspective, from Blaze's Blog: https://t.co/3FbHvVfiT6"
-
[ Exploit ] x86-64 kernel code-reuse via debug exception/handler ctr flow http://digital-library.theiet.org/content/journals/10.1049/iet-ifs.2015.0372 [see https://twitter.com/daniel_bilar/status/240956978967478273 ] https://t.co/eKuJpaqi6C
"An exception-based code-reuse attack technique (EOP). The authors note that ROP can only use a limited set of instructions found in the code, whereas EOP has no such restriction: https://t.co/afxJQIgYWX https://t.co/MmhW3F1hwq https://t.co/eKuJpaqi6C"
-
[ IoTDevice ] Pwning a thin client in less than two minutes http://blog.malerisch.net/2015/04/pwning-hp-thin-client.html
"Compromising an HP Thin Client device in under two minutes; the device is used to deliver virtual desktop services to enterprises: https://t.co/Y9FK57uVy2"
-
[ Mac OS X ] New: TaskExplorer v1.4 https://objective-see.com/products/taskexplorer.html minor fixes++ Pic: KeRanger (orig. 0 AV flag) -packed/!signed =>shady https://t.co/DUcM0yxQ2O
"TaskExplorer v1.4; TaskExplorer is a task and process viewer for OS X: https://t.co/4RrHduBJ3i https://t.co/DUcM0yxQ2O"
-
[ Malware ] Samas : Ransomware with Psexec that moves laterally - the lines between targeted and commodity continue to blur. https://blogs.technet.microsoft.com/mmpc/2016/03/17/no-mas-samas-whats-in-this-ransomwares-modus-operandi/
"Analysis of the Samas ransomware's modus operandi, from the Microsoft TechNet blog: https://t.co/vCvk0mMxDN"
-
[ Malware ] Advanced Persistent Bot activity on the rise - Help Net Security http://ow.ly/ZWdHU
"Advanced Persistent Bot activity is on the rise: https://t.co/2P9uE4SVG9"
-
[ Network ] New blog post: Reflections on the IPv6-only WiFi Experience during Troopers https://www.insinuator.net/2016/03/reflections-on-the-ipv6-only-wifi-experience-during-troopers/
"Reflections on the IPv6-only WiFi experience at the Troopers 2016 conference: https://t.co/I4FmlkVDcp"
-
[ Pentest ] Fortigate Backdoor Password Calculator https://packetstormsecurity.com/files/136430/Forsploit.py.txt
"Fortigate backdoor password calculator: https://t.co/HHqs2vnvYK"
-
[ SecurityProduct ] FireEye Malware Input Processor Privilege Escalation https://packetstormsecurity.com/files/136435/GS20160325232526.tgz
"Root privilege escalation in the FireEye MIP (Malware Input Processor) subsystem, Project Zero Issue 670: https://bugs.chromium.org/p/project-zero/issues/detail?id=670&can=1&q=fireeye"
-
[ ThreatIntelligence ] Just-Metadata - Intel Gathering and Analysis of IP Metadata https://www.christophertruncer.com/just-metadata-intel-gathering-and-analysis-of-ip-metadata/?utm_content=buffer824e3&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
"Analyzes and extracts intelligence from IP addresses and finds the relationships between them (e.g. Whois data, geolocation, VirusTotal results, Shodan data): https://t.co/b716U24sNs"
-
[ Tools ] Introducing: Heralding - the credentials catching honeypot https://www.honeynet.org/node/1321
"Heralding - a honeypot for capturing passwords: https://t.co/6YZsFfDgFH"
-
[ Tools ] Caradoc - a PDF parser & validator - GPL, in OCaml by @pictyeye et al. https://github.com/ANSSI-FR/caradoc https://t.co/KqK9yTdowx
"Caradoc - a PDF parsing and validation tool: https://t.co/jgiXVxm0uC https://t.co/KqK9yTdowx"
-
[ Windows ] A sample project for making use of EPT -- DdiMon: Monitoring and controlling kernel API calls with stealth breakpoint https://github.com/tandasat/DdiMon
"DdiMon - monitors Windows kernel API calls through a stealth breakpoint. The tool is a sub-project of the EPT (Extended Page Tables) project. GitHub repo: https://t.co/YcjbMyFwmS"
-
[ Windows ] Just compiled this and yup... It is the Windows Research Kernel Source code. (Server 2003) https://github.com/hacksysteam/WRK-1.2 Happy Reading...
"Source code of the Windows WRK project (Server 2003), GitHub repo: https://t.co/dBkWatRuaM"