腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/05/11

Symantec @symantec

[ Android ] #Malware may abuse Android's accessibility service to bypass security enhancements. More: http://symc.ly/21QD5Wp https://t.co/WR5XGITODo

"恶意软件滥用 Android Accessibility 服务，绕过安全限制︰ https://t.co/uSM5MBBZj0 https://t.co/WR5XGITODo"
Nikolaos Chrysaidos @virqdroid

[ Android ] ApkSecurityAnalysis - https://github.com/Andy10101/ApkSecurityAnalysis

"ApkSecurityAnalysis - Android APK 安全性分析工具： https://t.co/PLD8Q1UJci"
OSINT @OSINT_leads

[ Attack ] Random OSINT lead: https://www.passivetotal.org/passive/linkconf.net #kaspersky #mask #careto http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf

" Kaspersky 2014 年的一篇 APT 报告：《揭开 'Careto' 的面纱》︰ https://t.co/4XkQ31GY17 https://t.co/brRLTRJGVF"
FireEye @FireEye

[ Attack ] Threat actor leverages #Windows #0day exploit in payment card data attacks https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html https://t.co/Q1ixWLjWbv

"支付卡数据攻击中的 Windows 提权 0Day： https://t.co/UGjbcFN05d https://t.co/Q1ixWLjWbv "
Nicolas Krassas @Dinosn

[ Browser ] Browser as an Interactive Disassembler, by Vyacheslav Egorov http://mrale.ph/blog/2015/03/29/browser-as-an-interactive-disassembler.html

"将浏览器作为一个交互式的反汇编工具： https://t.co/aWshp4Kvx5"
Binni Shah @binitamshah

[ Browser ] Detect audio frequency using HTML5 (and more) - Web Audio DAW. Use HTML5 Web Audio API for dynamic sound synthesis : https://github.com/rserota/wad

" 基于 HTML5 的动态音效合成工具， GitHub Repo︰ https://t.co/vPMubcNED9"
Binni Shah @binitamshah

[ Detect ] How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions : https://zeltser.com/honeytokens-canarytokens-setup/

"我是如何搭建 Honeytokens 蜜罐，检测入侵行为的: https://t.co/NuxuO5h5sa"
securxcess @securxcess

[ Detect ] How to tell if you’re infected with malware http://ow.ly/mh7P1000GJh

" 如何判断自己感染了恶意软件，来自 MalwareBytes Blog： https://t.co/0UvWvbMRSn"
Nicolas Economou @NicoEconomou

[ Exploit ] New blogpost: "Getting Physical: Extreme abuse of Intel based Paging Systems – Part 1" ... https://blog.coresecurity.com/2016/05/10/getting-physical-extreme-abuse-of-intel-based-paging-systems-part-1/ https://t.co/y2Lw106ag7

" 滥用 Intel 分页系统，瓦解内核的保护机制（Windows/Linux），之前推送过作者在 CanSecWest 2016 会议关于这一议题的演讲，这次作者写了一篇 Blog， Part 1： https://t.co/RlIMXfCHFj https://t.co/y2Lw106ag7"
Michael.Gorelik @smgoreli

[ Exploit ] APT Advanced shell-code dissection, 1/56 on VT http://blog.morphisec.com/recycling-exploits-cyber-security , @ u_analysis thanks for sample, @ PhysicalDrive0 @ r41p41 @ DEYCrypt

" 已知漏洞的回收再利用 - CVE-2012-0158 Exploit 是如何逃逸几乎所有安全检测产品的： https://t.co/wRDTQyRnfr "
Daniel Bilar @daniel_bilar

[ Fuzzing ] Zesty assessment of #infiltrate 2016 talks by @ daveaitel http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html [bonmots galore; "fuzzers are mightier than the sword"]

" Dave Aitel 对 Infiltrate 会议 Fuzz 相关的的几个议题的看法： https://t.co/rB5UFbWn12 "
Daniel Gruss @lavados

[ Hardware ] AMD CPUs more susceptible to #rowhammer than Intel CPUs http://www.thirdio.com/rowhammera1.pdf (via @ mark_lanteigne) It's all about the access patterns.

"AMD CPU 比 Intel CPU 更容易受 Row Hammer 问题影响： https://t.co/TOALSUpT5h "
Binni Shah @binitamshah

[ IoTDevice ] Rooting the Amazon Echo : https://rbfi.io/dl.php?key=/w3kf/rooting_the_amazon_echo.pdf (pdf)

"Rooting the Amazon Echo， Amazon Echo 是一款智能硬件，可以通过语音控制它以及它所连接的设备︰ https://t.co/vXTX6RLPjm "
Ronnie Flathers @ropnop

[ Linux ] Slides and demo from my @ thotcon talk have been posted! Thanks for the good questions/discussions, keep em coming! https://speakerdeck.com/ropnop/abusing-linux-trust-relationships-authentication-back-alleys-and-forgotten-features

" 滥用 Linux 的信任关系： https://t.co/sYjozfoRgH"
Nicolas Krassas @Dinosn

[ Malware ] Let's Analyze: Dridex (Part 3) http://www.malwaretech.com/2016/05/lets-analyze-dridex-part-3.html

" MalwareTech Blog 对 Dridex 的分析(Part 3)： https://t.co/vuvZmXAfyF"
TrendLabs @TrendLabs

[ Malware ] New post: Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats http://bit.ly/1OfKLz9 @ TrendMicro

" TinyLoader 是如何传播 AbaddonPOS 和 TinyPOS 的，来自 ThreatPost Blog： https://t.co/EgEMGdOZCY "
Taoguang Chen @chtg57

[ OpenSourceProject ] So arbitrarily wddx packet injection via PHP’s wddx_serialize_value() is not security issue. LOL https://bugs.php.net/bug.php?id=72142

" PHP 5.6.21 wddx_serialize_value() WDDX 数据包注入漏洞： https://t.co/yekka3kij8"
Shodan @shodanhq

[ Others ] Most anonymous VNC servers run on a non-standard port - full report: http://buff.ly/24LUeWs

" Shodan 搜索引擎对全网匿名 VNC 服务器的统计情况︰ https://t.co/eCnq4QcqSW"
PHR34K @unpacker

[ Others ] Locky Gets Clever! http://www.fireeye.com/blog/threat-research/2016/05/locky_gets_clever.html

" Locky 也变得越来越聪明了，来自 FireEye Blog： https://t.co/kOtI1lsPMJ"
securxcess @securxcess

[ Others ] New Trojan Uses Fiddler to Redirect Infected Users to Phishing Sites http://ow.ly/esUp1000GI9

" 木马作者利用 Fiddler 工具将用户重定向到钓鱼网站： https://t.co/uXcrJiRd03 "
Thorsten Holz @thorstenholz

[ Others ] On soundness of static program analysis methods: http://soundiness.org

"静态程序分析方法的可靠性︰ https://t.co/6mGwcVGSnQ"
Unit 42 @Unit42_Intel

[ Others ] New #Unit42 report: #Ransomware is not a “#malware problem” – It’s a criminal business model http://bit.ly/23EnNUh

" 勒索软件不是个 '恶意软件' 问题，它是个犯罪商业模式问题，来自 Palo Alto Blog： https://t.co/bwY000fXH3"
Threatpost @threatpost

[ Popular Software ] .@ Adobe warns of Flash #zeroday, patches 95 vulns in Acrobat, Reader for #PatchTuesday - http://ow.ly/L6Dp3005eeS

"Adobe 发布漏洞公告，本次共修复 95 个漏洞，其中 Flash 1 个，Acrobat Reader 92 个，这 92 个中的 32 个由玄武实验室 Liu Ke 发现： https://t.co/9QVgZzla5M"
Pier-Luc Maltais @plmaltais

[ Popular Software ] Advisory and PoC for APSB16-14 (CVE-2016-1077) : https://plmsecurity.net/APSB16-14

"APSB16-14 Adobe DC Reader CVE-2016-1077 漏洞公告和 PoC: https://t.co/sZklcsKfSv"
gradetwo @gradetwo

[ ReverseEngineering ] #IDAPRO flirt signatures http://woodmann.com/collaborative/tools/index.php/Category:IDA_FLIRT_Signatures

" IDA PRO 的一些 Flirt Signature 下载： https://t.co/6vviXL4QEa"
PhysicalDrive0 @PhysicalDrive0

[ Tools ] #Manalyzer - free service which performs static analysis on PE executables https://manalyzer.org/ https://t.co/M52jlh0CrQ

"Manalyzer - PE 文件静态分析工具（在线）： https://t.co/4eAeVnThVI https://t.co/M52jlh0CrQ "
Giuseppe `N3mes1s` @gN3mes1s

[ Tools ] Unik - The Unikernel Compilation and Deployment Platform - https://github.com/emc-advanced-dev/unik cc: @ amirmc @ unikernel

"Unik - Unikernel 编译和部署平台，Unikernel 是一个可引导的轻量级磁盘映像： https://t.co/fduI3tJPN5 "
Enno Rey @Enno_Insinuator

[ Tools ] Pulsar. Protocol Learning, Simulation and Stateful Fuzzer https://github.com/hgascon/pulsar https://t.co/nvYm3tCsND

"Pulsar - 网络协议自学习和有状态的 Fuzzing： https://t.co/PZdUlUHHoW https://t.co/nvYm3tCsND"
Binni Shah @binitamshah

[ Tools ] hydrogen : Multithreaded, non-blocking Linux server framework in Rust : https://github.com/nathansizemore/hydrogen

"hydrogen - Rust 语言写的一个多线程、非阻塞的 Linux 服务器框架︰ https://t.co/NaA6lLULiI"
Casey Smith @subTee

[ Windows ] InstallUtil.exe SSH = Bypass + Tunnels What Fun! LocalPortForwarding Example https://gist.github.com/subTee/60832e2867163c1f8e518d141672da99 Library Here: http://sshnet.codeplex.com

"InstallUtil.exe + SSH 本地端口转发代码实例： https://t.co/nZEsGOUWi9 SSH .NET 库︰ https://t.co/uLWZYt7C5s"
Nicolas Krassas @Dinosn

[ Windows ] MS16-053 - Critical: Cumulative Security Update for JScript and VBScript (3156764) - Version: 1.0 https://technet.microsoft.com/en-us/library/security/ms16-053.aspx

"Windows 发布 5 月份补丁更新，补丁信息摘要： https://technet.microsoft.com/en-us/library/security/ms16-may.aspx 本次共发布 16 个补丁包，修复 33 个漏洞，其中 8 个为严重级别，来自 Talos Blog 的分析： http://blog.talosintel.com/2016/05/ms-tuesday.html#more "

2016/05/11