腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/04/04

Binni Shah @binitamshah

[ Android ] Fuzzing and Exploiting parcelization vulnerabilities in Android : https://www.blackhat.com/docs/asia-16/materials/asia-16-He-Hey-Your-Parcel-Looks-Bad-Fuzzing-And-Exploiting-Parcelization-Vulnerabilities-In-Android.pdf (Slides) #BHASIA

"Hey your parcel looks bad - Android Parcel 漏洞的挖掘和利用， Parcel 是 Android 系统的一种对象序列化机制，来自 KeenLab Flanker 在 BlackHat Asia 2016 会议的演讲︰ https://t.co/9fv1kVT1sW "
Keren E @k3r3n3

[ Attack ] the #panama papers: massive leak. Exposing offshore accounts and corruption evidence of top global power players: http://panamapapers.sueddeutsche.de/articles/56febff0a1bb8d3c3495adf4/

"2.6 TB 的 Panama 文件泄露︰ https://t.co/wcAHw7e66p Wired 对这件事儿的报道： http://www.wired.com/2016/04/reporters-pulled-off-panama-papers-biggest-leak-whistleblower-history/ Github 上保存的 CSV 格式的泄露的文件： https://github.com/amaboura/panama-papers-dataset-2016 "
Sebastian Lekies @slekies

[ Browser ] Spoofing window.location via WebWorkers: http://goo.gl/hrVISR. Full list of #XSSI example attacks: http://goo.gl/8USvx4

"通过 WebWorkers 欺骗 window.location: https://t.co/ccoDZBV7cl XSSI 攻击示例列表︰ https://t.co/ny28XCAYfq"
Binni Shah @binitamshah

[ Hardware ] Hacking a Professional Drone : https://www.blackhat.com/docs/asia-16/materials/asia-16-Rodday-Hacking-A-Professional-Drone.pdf (Slides) https://t.co/gqrU3erQpl

"黑掉一架专业的无人机，来自 BlackHat Asia 2016 会议的演讲︰ https://t.co/vn5zU8raEn https://t.co/gqrU3erQpl"
Binni Shah @binitamshah

[ iOS ] Home-Brewing iOS Malware Like a B0$$! : https://www.blackhat.com/docs/asia-16/materials/asia-16-Tamir-Su-A-Cyder-Homebrewing-Malware-For-iOS-Like-A-B0SS.pdf (Slides) #BHASIA

"像老板一样自制 iOS 恶意软件，来自 BlackHat Asia 2016 会议的演讲: https://t.co/GEZgWaegfi "
Nicolas Krassas @Dinosn

[ IoTDevice ] Hacking connected lightbulbs to breach Air-Gapped networks http://securityaffairs.co/wordpress/45930/iot/hacking-connected-lightbulbs.html

"通过黑掉一个联网的灯泡，偷取物理隔绝网络的数据，来自 SecurityAffairs 的报道： https://t.co/dpuiO0aFaT"
Binni Shah @binitamshah

[ Linux ] Exploiting Linux and PaX ASLR’s weaknesses on 32- and 64-bit systems : https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf (Slides) #BHASIA https://t.co/bwDhyj8VMB

"攻击 32/64 位 Linux ASLR 的弱点︰ https://t.co/tZNhTQU2oI https://t.co/bwDhyj8VMB"
PHR34K @unpacker

[ Malware ] Magnitude EK Malvertising Campaign Adds Fingerprinting Gate https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/04/magnitude-ek-malvertising-campaign-adds-fingerprinting-gate/

"Magnitude EK 利用指纹技术过滤真实用户： https://t.co/NjeVl9ciTI"
PHR34K @unpacker

[ Malware ] KimcilWare Ransomware: How to Decrypt Encrypted Files and who is Behind It http://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it

"KimcilWare 勒索软件︰如何解密加密后的文件以及 KimcilWare 的背后是谁，来自 Fortinet Blog： https://t.co/3OZ3UL1yl8"
PHR34K @unpacker

[ Malware ] Petya – Taking Ransomware To The Low Level https://blog.malwarebytes.org/threat-analysis/2016/04/petya-ransomware/

"Petya — 将勒索软件带向底层： https://t.co/T9CVlez5Q1"
Binni Shah @binitamshah

[ Others ] Hotpatching a C Function on x86 : http://nullprogram.com/blog/2016/03/31/

"在 x86 平台上 Hot Patch C 函数︰ https://t.co/ilYTSZR1XY"
Binni Shah @binitamshah

[ Others ] PLC-BLASTER : A Worm Living Solely in the PLC : https://www.blackhat.com/docs/asia-16/materials/asia-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC.pdf (Slides) #BHASIA

"PLC-Blaster - 只生活在 PLC 中的蠕虫，来自 BlackHat Asia 2016 会议的演讲︰ https://t.co/TEvfg5Qynb "
Binni Shah @binitamshah

[ Others ] The Perl Jam 2 : Exploiting a 20 Year-old Vulnerability : https://www.blackhat.com/docs/asia-16/materials/asia-16-Rubin-The-Perl-Jam-2-The-Camel-Strikes-Back.pdf (Slides) #BHASIA

"Perl 的困境 2︰攻击一个 20 年之久的漏洞︰ https://t.co/ZJvaWNDavV "
Binni Shah @binitamshah

[ Pentest ] Analysis of the Procedure of Penetration on a Hacked Host : http://en.wooyun.io/2016/03/29/48.html

"主机被入侵分析过程报告，来自 Wooyun Drops ︰ https://t.co/nCypya8caQ"
Binni Shah @binitamshah

[ Web Security ] Breaking the Google reCAPTCHA : https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA.pdf (Slides) #BHASIA

"打败 Google 的验证码，来自 BlackHat Asia 2016 会议的演讲︰ https://t.co/zr0tYN8l3F "
powertool @ithurricanept

[ Windows ] Symbols for lxcore.sys(Linux-3.4.0-Microsoft) has been released, I tested on Windows 10 Insider Preview Build 14295. https://t.co/se2ZZsr33v

"Lxcore.sys(Linux-3.4.0-Microsoft) 的调试符号已发布，测试版本： Windows 10 Insider Preview Build 14295: https://t.co/se2ZZsr33v"
Binni Shah @binitamshah

[ Windows ] DSCompromised : A Windows DSC Attack Framework : https://www.blackhat.com/docs/asia-16/materials/asia-16-Kazanciyan-DSCompromised-A-Windows-DSC-Attack-Framework.pdf (Slides) #BHASIA

"DSCompromised: Windows DSC 攻击框架， DSC 指期望状态配置（Desired State Configuration），是 PowerShell 4.0 新推出的一种特性，来自 BlackHat Asia 2016 会议的演讲︰ https://t.co/Rp55F20R5r "
Binni Shah @binitamshah

[ WirelessSecurity ] Rapid Radio Reversing : https://www.blackhat.com/docs/asia-16/materials/asia-16-Ossmann-Rapid-Radio-Reversing-wp.pdf (wp/pdf*) #BHASIA

"快速地无线电逆向， Paper︰ https://t.co/rRsAfoFinE Slides: https://www.blackhat.com/docs/asia-16/materials/asia-16-Ossmann-Rapid-Radio-Reversing-wp.pdf "

2016/04/04