腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/05/17

Nicolas Krassas @Dinosn

[ Android ] How I broke a mobile banking application to gain unrestricted access to several Billion Dollars worth of Deposits. https://boris.in/blog/2016/the-bank-job/

" 我是如何通过攻破银行 APP，不受限制地控制几亿美元存款的： https://t.co/ed2nCW1Jho"
Nikolaos Chrysaidos @virqdroid

[ Android ] Android internals https://github.com/keesj/gomo/wiki/

" Android Internals Wiki 文档： https://t.co/nSThOV3eo6"
jsoo @_jsoo_

[ Attack ] DarkHotel定向攻击样本分析 - http://bobao.360.cn/learning/detail/2869.html

"DarkHotel 定向攻击样本分析，来自 360 播报： https://t.co/Ot5ddapLKa"
Mike_Mimoso @Mike_Mimoso

[ Attack ] Nulled.io data dumped online. https://threatpost.com/info-on-500k-users-doxxed-in-hacking-forum-dump/118114/ via @ threatpost

" 地下黑市论坛 Nulled.io 本月被黑，50 万用户数据泄漏， Nulled.io 论坛主要用于地下黑客交换数据，这次被黑可能是因为 ImageTragick 漏洞，来自 ThreatPost 报道： https://t.co/H9IwBzs4g9"
HACKMIAMI @hackmiami

[ Defend ] Slides from Defending the indefensible by Rev Least Priviledge at HackmiamiCon 2016 https://www.dropbox.com/s/sfqulj6uhpb5yn7/defending-indefensible.pdf?dl=0 #hackmiami #hackmiamicon

" Defending the indefensible，来自 HackmiamiCon 2016 会议： https://t.co/B1jGD8Y7oi "
MalwareTech @MalwareTechBlog

[ Detect ] Live botnet tracker v3 https://intel.malwaretech.com/pewpew.html (Works best on Firefox & Chrome)

" Botnet 在线追踪，来自 MalwareTech： https://t.co/VH1JItl3am "
Matt Graeber @mattifestation

[ Detect ] I just released CimSweep 0.4.0. CimSweep is used for IR/hunt over WMI. https://github.com/PowerShellMafia/CimSweep https://www.powershellgallery.com/packages/CimSweep/0.4.0.0 #PowerShell #DFIR

" CimSweep - 基于 CIM/WMI 的应急响应和威胁检测工具，该工具可以远程在 Windows 全版本使用， GitHub Repo： https://t.co/ndj0CeNYNk https://t.co/zfZnTxJDjf "
Dmytro Oleksiuk @d_olex

[ Firmware ] My ThinkPad SMM exploit can bypass Virtualisation Based Code Integrity now, thx to kernel driver from RWEverything https://github.com/Cr4sh/fwexpl/commit/74c7cfba12dba9046a00ae87a50a0608282312f9

" Cr4sh 的固件漏洞利用工具 fwexpl 更新，加了一个针对基于虚拟化的完整性保护的攻击模块： https://t.co/3PpdAGD7Ja"
Zuk @ihackbanme

[ iOS ] iOS 9.3.2 is out. Multiple remote code exec vulns and local EOPs: https://support.apple.com/en-us/HT206568

"iOS 发布 9.3.2 版本，本次更新修复了多个 RCE 和本地提取漏洞，官方公告: https://t.co/hIFh7huGNh"
Nicolas Krassas @Dinosn

[ Mac OS X ] [CVE-2016-1824] Apple IOHIDFamily kernel race condition as root https://marcograss.github.io/security/apple/cve/2016/05/16/cve-2016-1824-apple-iohidfamily-racecondition.html

"Apple IOHIDFamily 内核竞争条件漏洞（Root 权限）（CVE-2016-1824），来自 marcograss 的 Blog： https://t.co/JvEOGz9TtJ Apple OS X 更新 10.11.5 版本，本次更新的漏洞公告： https://support.apple.com/en-hk/HT206567 "
BitDefenderLabs @BitDefenderLabs

[ Malware ] Inside The Million-Machine Clickfraud Botnet https://labs.bitdefender.com/2016/05/inside-the-million-machine-clickfraud-botnet/

"Redirector.Paco - 涉及数百万机器的点击欺诈 Botnet，来自 Bitdefender 的分析： https://t.co/RddUXAFpid"
PhysicalDrive0 @PhysicalDrive0

[ Malware ] Analyzing #Furtim: #Malware that Avoids Mass-Infection http://breakingmalware.com/malware/furtim-malware-avoids-mass-infection/

" Furtim - 一款避免大规模感染的恶意软件，来自 BreakingMalware Blog： https://t.co/oPBMNfEzjK"
vincent zimmer @vincentzimmer

[ Others ] Developer's blog: Size cost of C++ exception handling on embedded pl... http://andriidevel.blogspot.com/2016/05/size-cost-of-c-exception-handling-on.html?spref=tw

" 引入 C++ 异常处理会增大二进制代码的体积，到底会增加多少呢： https://t.co/RqO4W9smDT"
Toby Bussa @tbussa

[ Others ] Latest research now live - Market Guide for Managed Detection and Response - https://www.gartner.com/doc/3314023 (Gartner acct req'd) @ craiglawson

" Gartner 发布《托管检测与应急响应服务市场指南》，一份卖 1295 美元的文档： https://t.co/1i6A8juHKW "
Binni Shah @binitamshah

[ Others ] An Implementation and Analysis of a Kernel Network Stack in Go with the CSP Style : http://arxiv.org/pdf/1603.05636v1.pdf (pdf) https://t.co/6SUWLhKaua

"Go 语言实现的一个 CSP 风格的内核网络协议栈分析， CSP 指通讯顺序进程（Communicating Sequential Processes）， Paper︰ https://t.co/Y5drwYdkEn https://t.co/6SUWLhKaua"
Florian Roth @cyb3rops

[ Pentest ] Ways to Download & Execute code via the Cmdline FTP, WSH, BITSadmin, PowerShell (Jan 2012) https://www.greyhathacker.net/?p=500 https://t.co/qLBJBARdqJ

"通过命令行实现代码下载并执行的多种方法（FTP，WSH，BITSadmin，PowerShell）： https://t.co/hszh3W0MAV https://t.co/qLBJBARdqJ "
Nicolas Krassas @Dinosn

[ Popular Software ] Adobe Flash addProperty Use-After-Free https://packetstormsecurity.com/files/137058/GS20160516193103.tgz

"Adobe Flash addProperty UAF 漏洞（CVE-2016-4108）： https://t.co/66sMwNIZ0w Project Zero Issue 801： https://bugs.chromium.org/p/project-zero/issues/detail?id=801 "
packet storm @packet_storm

[ Popular Software ] Adobe Flash MovieClip.duplicateMovieClip Use-After-Free https://packetstormsecurity.com/files/137050 #exploit

"Adobe Flash MovieClip.duplicateMovieClip UAF 漏洞（CVE-2016-1011）： https://bugs.chromium.org/p/project-zero/issues/detail?id=759 这是 Project Zero 研究员 natashenka 在该 API 发现的第二个漏洞了，上一个是： https://bugs.chromium.org/p/project-zero/issues/detail?id=591 "
Nicolas Krassas @Dinosn

[ Popular Software ] Hipchat Server Remote Code Execution / File Read / SSRF https://cxsecurity.com/issue/WLB-2016050063

"Hipchat 服务器存在 ImageMagick 漏洞，可以实现远程代码执行、本地文件读写、SSRF，来自 CXSecurity 的公告： https://t.co/JFWn2RPhRb"
vincent zimmer @vincentzimmer

[ Tools ] A type-safe and zero-allocation library for reading and navigating ELF files http://www.ncameron.org/blog/a-type-safe-and-zero-allocation-library-for-reading-and-navigating-elf-files/

"一个类型安全、零内存分配的 ELF 文件解析库： https://t.co/xv5i0Rdw2e"
Casey Smith @subTee

[ Tools ] This #PowerShell function uses IMAPI COM objects to create .iso files. Without using any external utilities/files https://gallery.technet.microsoft.com/scriptcenter/New-ISOFile-function-a8deeffd

"PowerShell 支持用 IMAPI COM 对象直接创建 .iso 文件，无需其他任何外部工具： https://t.co/ChZrbQUos8"
PentesterLab @PentesterLab

[ Tools ] New ISO for our subscribers: https://pentesterlab.com/exercises/cve-2016-0792 !! RCE in Jenkins :)

" PentesterLab 公开了一个 Jenkins RCE（CVE-2016-0792）漏洞利用练习环境的 ISO 镜像︰ https://t.co/lFs8HLpZ4R "
SkyLined @berendjanwever

[ Tools ] #BugId has improved handling of stack hashes for JIT compiled code (https://github.com/SkyLined/BugId/commit/8074d4d5857f8d203d2d16a773ae2ad0a195430a) and Egde asserts (https://github.com/SkyLined/BugId/commit/8074d4d5857f8d203d2d16a773ae2ad0a195430a)

"BugId - SkyLined 写的一个漏洞检测、分析工具： https://github.com/SkyLined/BugId 该工具由 Python 语言编写，最近 SkyLined 提交了两次更新： https://t.co/g2PZb48ENs https://t.co/g2PZb48ENs 另外 SkyLined 经常会发一些 IE/Edge 浏览器的 Crash Bug 代码，可以去他的主页看看： https://github.com/SkyLined/BugId "
jsoo @_jsoo_

[ Virtualization ] 360 Marvel Team虚拟化漏洞第五弹 - CVE-2016-3710 Dark Portal漏洞分析 http://bobao.360.cn/learning/detail/2867.html

"360 Marvel Team 虚拟化漏洞第五弹 - CVE-2016-3710 Dark Portal 漏洞分析，来自 360 播报： https://t.co/HXiLd5ChVP"
Nicolas Krassas @Dinosn

[ Web Security ] Avoiding XSS Detection (payload generator + self-delete code) http://brutelogic.com.br/blog/avoiding-xss-detection/

"XSS 检测逃逸（Payload 生成器 + 自删除代码）： https://t.co/XjsLLPDlfe"
Enno Rey @Enno_Insinuator

[ Windows ] #IPv6 Hardening Guide for Windows Servers https://www.ernw.de/download/ERNW_Guide_to_Configure_Securely_Windows_Servers_For_IPv6_v1_0.pdf [PDF], by @ AntoniosAtlasis

" Windows Server IPv6 安全加固指南，来自 ERNW 2014 年的一篇文档： https://t.co/gujjasrbWb "
Mike_Mimoso @Mike_Mimoso

[ Windows ] Microsoft Quietly Kills Controversial Wi-Fi Sense Feature: https://threatpost.com/microsoft-quietly-kills-controversial-wi-fi-sense-feature/118124/ via @ threatpost

" Windows 悄悄禁用了 WiFi 感知功能，来自 ThreatPost 报道： https://t.co/Jt0CxXNRuK"

2016/05/17