腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/03/28

Zuk @ihackbanme

[ Android ] Generic Stagefright exploit for CVE-2015-3864 released ! git clone https://github.com/NorthBit/Metaphor Vulnerable % by country: https://blog.zimperium.com/reflecting-on-stagefright-patches/

"Android Stagefright CVE-2015-3864 通用 Exploit： https://t.co/r3IS7vw6ZA 各个国家的补丁修复情况对比︰ https://t.co/MDybVZPZgS"
Binni Shah @binitamshah

[ Android ] Samdunk - the eMMC backdoor vulnerability used to unlock the Galaxy S5 Bootloader : http://theroot.ninja/disclosures/SAMDUNK_1.0-03262016.pdf (pdf)

"Samdunk - 用于解锁三星 Galaxy S5 Bootloader 的 eMMC 后门漏洞︰ https://t.co/ZjJxRawzvq "
Nicolas Krassas @Dinosn

[ Android ] Remotely Exploitable Flaw in Truecaller Leaves 100 Million Android Devices Vulnerable http://securityaffairs.co/wordpress/45701/hacking/truecaller-remotely-exploitable-flaw.html

"Android 呼叫管理应用 Truecaller 存在远程可以利用的漏洞， 1 亿 Android 设备受影响： https://t.co/YuTWhsnjzQ "
Matthew Green @matthew_d_green

[ Crypto ] Neat post: using power analysis techniques to break white box cryptography (without much effort) via @ Insinuator https://www.insinuator.net/2016/03/how-to-crack-a-white-box-without-much-effort/

"如何使用功率分析技术破解白盒加密（不用费多大劲儿）： https://t.co/TOwlDfDzl1 "
MalwareKiwi @MalwareKiwi

[ Detect ] Great #ClamAV tutorial from @ malwareforme! http://malwarefor.me/writing-signatures-for-clam-av-0-99-a-tutorial/

"为 ClamAV 反病毒引擎写规则特征： https://t.co/sX8rjXWiWX"
WooYun Drops @wooyunsec

[ Hardware ] @ GouWangwang working on embedded -- KACO Power Inverter System XP100U http://en.wooyun.io/2016/03/16/46.html

"狗汪汪玩转嵌入式 -- KACO 电源逆变器系统 XP100U，来自乌云 Drops： http://drops.wooyun.org/tips/13578"
Jonathan Ździarski @JZdziarski

[ iOS ] NAND “Mirroring” Concept Demonstration #2 - iOS 9.0 | Now with unlock at the end https://www.youtube.com/watch?v=EAkJNLqqzaE

"iOS 9.0 NAND 镜像攻击，通过硬盘内容复写实现无限制的锁屏密码尝试， Youtube 视频： https://t.co/VIOYtLV9MX"
deroko @deroko_

[ Linux ] From AArch32 to AArch64 and back : https://github.com/deroko/switch and detailed description https://github.com/deroko/switch/blob/master/switch.txt

"从 AArch32 调用 AArch64（也能切换回来）︰ https://t.co/u9OhBZNJXy 详细的描述文档： https://t.co/goRlqbc72X"
Nicolas Krassas @Dinosn

[ Linux ] Fishing for Hackers: Analysis of a Linux Server Attack https://sysdig.com/blog/fishing-for-hackers/

"等黑客上钩 - 一次 Linux 服务器攻击案例分析，作者很好奇黑客真正攻破服务器之后会干些什么，于是将一台服务器暴露给黑客，等待来袭： https://t.co/mZP39tynh4 "
Hacker Fantastic @hackerfantastic

[ Linux ] CVE-2016-1531 exploit "PERLIO_DEBUG=/root/.ssh/authorized_keys /usr/exim/bin/exim -ps" - write to any file as root https://t.co/3sQggdKwV4

"CVE-2016-1531 Exploit，以 Root 权限写任意文件 -> "PERLIO_DEBUG=/root/.ssh/authorized_keys /usr/exim/bin/exim -ps" https://t.co/3sQggdKwV4"
PHR34K @unpacker

[ Malware ] Surge in Spam Campaign Delivering Locky Ransomware Downloaders http://www.fireeye.com/blog/threat-research/2016/03/surge_in_spam_campai.html

"FireEye 最近检测到 Locky 勒索软件下载器出现峰值，这些下载器通过邮件传播： https://t.co/ShTqeOWtCv "
Binni Shah @binitamshah

[ Others ] Summary of Attacks Against BIOS and Secure Boot : http://www.c7zero.info/stuff/DEFCON22-BIOSAttacks.pdf (pdf)

"BIOS 和 Secure Boot 攻击总结，来自作者在 DEFCON 22 会议的演讲︰ https://t.co/DrHkGJRMlw "
Eva @evacide

[ Others ] Russia plans to make it a crime to even talk about Internet circumvention tools online: https://advox.globalvoices.org/2016/03/17/russia-plans-to-fine-websites-for-propaganda-of-circumvention-tools/

"俄罗斯计划推行一项法律，在线讨论翻墙工具属于犯罪，这里的翻墙是指能绕过限制访问禁止访问的网站︰ https://t.co/M9pcToX62M"
Binni Shah @binitamshah

[ Others ] Node.js Package Manager Vulnerable to Malicious Worm Packages : http://news.softpedia.com/news/node-js-package-manager-vulnerable-to-malicious-worm-packages-502216.shtml

"Node.js 包管理器受恶意蠕虫包的影响，包管理器允许恶意脚本的作者将他们的恶意程序包注入到 NPM 生态系统中︰ https://t.co/KZtAhtrllO"
byt3bl33d3r @byt3bl33d3r

[ Pentest ] Just released CrackMapExec 3.0! Payload module system, credential database and much more! https://github.com/byt3bl33d3r/CrackMapExec

"CrackMapExec - 用于渗透 Windows 和 Active Directory 环境的瑞士军刀，去年推送过这个工具，现在 CrackMapExec 更新到 3.0 了， Github Repo： https://t.co/uh93qoolBs"
Binni Shah @binitamshah

[ Pentest ] Cheatsheets : Penetration Testing/Security Cheatsheets : https://github.com/jshaw87/Cheatsheets

"渗透测试手册（大合集，包括各种工具的使用，多种目标的渗透）︰ https://t.co/ekYCxP342V"
shubs @infosec_au

[ Tools ] Introducing bug bounty dash, a dashboard for bounty hunters on @ Hacker0x01 and @ Bugcrowd: https://github.com/infosec-au/bugbountydash https://t.co/4alqBsAOaC

"终端版本的 Bug Bounty Dashboard： https://t.co/zw0ReaPj3H https://t.co/4alqBsAOaC"
Siow Cheng Yik @happyf337

[ Tools ] BinDiffFilter - IDA Pro plugin https://github.com/icewall/BinDiffFilter

"BinDiffFilter - IDA Pro 插件，可以过滤 BinDiff 的分析结果，使分析更加轻松： https://t.co/lSDMLnHKcl"

2016/03/28