腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/06/08

PHR34K @unpacker

[ Android ] Android Malware Analysis http://resources.infosecinstitute.com/android-malware-analysis-2/

"动态静态结合的 Android 恶意软件分析，来自 InfoSec Blog： https://t.co/QOpN9SroJW"
Nicolas Krassas @Dinosn

[ Attack ] Rotten Apples: Apple-like Malicious Phishing Domains http://www.fireeye.com/blog/threat-research/2016/06/rotten_apples_apple.html

" 腐烂的 Apple - 那些模仿 Apple 网站的钓鱼域名： https://t.co/ZMw7oKBE6S"
Binni Shah @binitamshah

[ Backdoor ] browser-backdoor : Cross platform WebSocket Remote Access Tool built with Electron which has Full access to the API: https://github.com/IMcPwn/browser-backdoor

" BrowserBackdoor - JavaScript WebSocket 实现的远控工具︰ https://t.co/MpME9y9BjR "
kennyog @kennyog

[ Crypto ] Our paper on "Backdoors in Pseudorandom Number Generators: Possibility and Impossibility Results" is online at https://eprint.iacr.org/2016/577.pdf

" 伪随机数生成器中的后门， Paper： https://t.co/Rtjw3urEX2 "
Nicolas Krassas @Dinosn

[ Crypto ] The Illusion Of An Encrypted Internet https://threatpost.com/the-illusion-of-an-encrypted-internet/118519/

" 互联网加密的错觉，来自 ThreatPost： https://t.co/If913WmyJd"
CERT Polska @CERT_Polska_en

[ Detect ] We release a snort x509 certificate reputation plugin http://seclists.org/snort/2016/q2/324 source: https://github.com/CERT-Polska/snort3-x509-reputation-plugin

"Snort x509 证书信誉评估插件： https://t.co/lflK8hunhv GitHub Repo︰ https://t.co/GaGXfygq8M"
Nicolas Krassas @Dinosn

[ Exploit ] Walkthrough on writing your own shellcode to spawn a shell. https://paraschetal.in/writing-your-own-shellcode/

" 一篇关于 Linux 系统 Shellcode 编写的教程： https://t.co/JsQwBtP6EI"
Caleb Sima @csima

[ MachineLearning ] An All-In-one Docker Image for Deep Learning https://github.com/saiprashanths/dl-docker

" 多合一深度学习 Docker 镜像： https://t.co/5jcJThbtpz "
mlwre @huntingmalware

[ Malware ] hooray! we have a new post! https://mlwre.github.io/2016/06/06/Crypren-Ransomware-Analysis.html #malware #ransomware #crypren

" Crypren 勒索软件分析： https://t.co/nMIy95hbwg "
TrendLabs @TrendLabs

[ Malware ] New post: Ransomware Leaves Server Credentials in its Code http://bit.ly/25KvKgZ @ TrendMicro

" 勒索软件 SNSLocker 在代码中保留了服务器和数据库的登录密钥信息，来自 TrendMicro Blog： https://t.co/yY7QTdtQF1 "
Nicolas Krassas @Dinosn

[ Malware ] Ransomware dominates the threat landscape https://blog.malwarebytes.org/cybercrime/2016/06/ransomware-dominates-the-threat-landscape/

" 勒索软件占据了当前威胁的主导地位，来自 MalwareBytes Blog： https://t.co/cULsbC9r6g"
Palo Alto Networks @PaloAltoNtwks

[ Malware ] In part two of this blog series, @ malware_traffic examines #Angler exploit kits http://bit.ly/22Ndi1U #cybersecurity

" 了解 Angler Exploit Kit （Part 2），来自 Palo Alto Blog： https://t.co/LLdPbFx7i6 "
IntrusionSkills @IntrusionSkills

[ MalwareAnalysis ] Recovering A Ransomed PDF https://blog.didierstevens.com/2016/06/07/recovering-a-ransomed-pdf/ #DFIR #malware by @ DidierStevens

" 还原一个被勒索软件加密后的 PDF 文档，来自 Didier Stevens Blog： https://t.co/cYa2rT241K "
Binni Shah @binitamshah

[ MalwareAnalysis ] Automatic Reverse Engineering of Malware Emulators : http://old.iseclab.org/people/andrew/download/oakland09.pdf pdf) https://t.co/3NEyEVskIz

" 自动化地逆向恶意软件仿真器，来自 ISecLab 09 年的一篇 Paper ︰ https://t.co/KggoABD43r https://t.co/3NEyEVskIz "
Andrew McCreight @amccreight

[ OpenSourceProject ] Try billm's new Firefox code search tool, Searchfox. It understands C++ code better, and has good builtin blame. https://billmccloskey.wordpress.com/2016/06/07/searchfox/

" Searchfox - Mozilla Firefox 源码搜索工具（在线）： https://t.co/wsz7ubAcJ2"
Alejandro Ramos @aramosf

[ Others ] You Don't Know JS: https://github.com/getify/You-Dont-Know-JS - This is a series of (free) books diving deep into the core mechanisms of the JS.

" You Dont Know JS - 关于 JS 的一些核心特性，GitHub Repo: https://t.co/Z2pWjyPYS0 "
MWR Labs @mwrlabs

[ Others ] New advisory! A command injection flaw in IBM's Spectrum Scale/GPFS clustered file system reported by @ j0hn__f https://labs.mwrinfosecurity.com/advisories/ibm-gpfs-spectrum-scale-command-injection/

" MWR Labs 发现了 IBM GPFS 集群文件系统的一个命令注入漏洞： https://t.co/y4iQyLXqQl "
Brendan Dolan-Gavitt @moyix

[ Others ] New blog post, first in a series introducing our LAVA bug injection system: http://moyix.blogspot.com/2016/06/how-to-add-a-million-bugs-to-a-program.html

" 一篇关于 LAVA（Bug 植入系统）的 Blog ︰ https://t.co/5Qgjnxxw2M"
SecurityWeek @SecurityWeek

[ Pentest ] Your 2016 Penetration Testing Toolkit from @ Rapid7 http://conta.cc/1teWhC3

" 2016 渗透测试工具箱，来自 Rapid7： https://t.co/hUjIBTs0Cv "
Nicolas Krassas @Dinosn

[ Popular Software ] Valve Steam 3.42.16.13 Local Privilege Escalation https://packetstormsecurity.com/files/137343/valvesteam-escalate.txt

" Valve Steam 游戏平台应用程序 3.42.16.13 版本本地提权漏洞（CVE-2016-5237），来自 PacketStorm： https://t.co/raAQJ1MkVz"
Nicolas Krassas @Dinosn

[ Popular Software ] Details on a stack-based buffer overflow in the Adobe CFF rasterizer in FreeType2 (CVE-2014-2240, CVE-2014-9659) http://j00ru.vexillium.org/?p=2245

" Adobe FreeType2 CFF rasterizer 栈缓冲区溢出漏洞的细节（CVE-2014-2240，CVE-2014-9659），来自 j00ru 的 Blog： https://t.co/DK8wgDr8FL"
jsoo @_jsoo_

[ SecurityProduct ] armadito-av - Armadito antivirus main repository https://github.com/armadito/armadito-av

" 开源反病毒软件 Armadito 的源码： https://t.co/TYJmVhgJG9"
Nikolaos Chrysaidos @virqdroid

[ SecurityProduct ] (In-) Security of Security Applications - Mobile AVs https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf?_=1464692835

" 安全软件自身的（脆弱）安全性（主要是手机版反病毒软件）： https://t.co/xy3KxfLgwh "
publiclyDisclosed @disclosedh1

[ Web Security ] Uber disclosed a bug submitted by @ klikkioy: https://hackerone.com/reports/136531 #hackerone #bugbounty https://t.co/pklY3lhJp8

" HackerOne 网站公开了 Uber 网站一个漏洞的细节（WordPress）: https://t.co/gcbnmw3WBL 还有一个登录认证绕过漏洞： https://hackerone.com/reports/136169 Uber 奖励了该绕过漏洞的发现者 1 万美金，来自 ThreatPost 的报道： https://threatpost.com/uber-pays-researcher-10k-for-login-bypass-exploit/118516/ "
Binni Shah @binitamshah

[ Web Security ] Vulnerabilities in Facebook Chat and Messenger exploitable with basic HTML knowledge : http://blog.checkpoint.com/2016/06/07/facebook-maliciouschat/

" CheckPoint 发现了 Facebook 聊天工具的一个漏洞︰ https://t.co/U9rTE2rYGN 通过该漏洞可以查看聊天历史记录"
Full Disclosure @SecLists

[ Web Security ] Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability http://goo.gl/fb/P0BNPn #FullDisclosure

"WordPress 幻灯片放映插件 Levo-Slideshow 2.3 版本任意文件上传漏洞，来自 FullDisclosure 的公告： https://t.co/Rr2hC7QVlw "
Matt Graeber @mattifestation

[ Windows ] Be mindful of malicious #PowerShell proxy functions... e.g. a simple credential stealer: https://gist.github.com/mattifestation/97ceccd93133c7a1d39a1661922fe545

" 小心 PowerShell Get-Credential API 的 Proxy 函数，这可以被用于窃取密钥︰ https://t.co/DmAJdTU2Mi"
Matt Graeber @mattifestation

[ Windows ] Auto capture a full mem dump for any #PowerShell host process upon termination w/ procdump and WMI https://gist.github.com/mattifestation/7fe1df7ca2f08cbfa3d067def00c01af @ markrussinovich

" 在 PowerShell 宿主进程退出时，自动转储进程内存的脚本： https://t.co/uOhfHcj16Q "
Binni Shah @binitamshah

[ Windows ] Windows 10 updates via UDP bypassing QoS restrictions : https://forums.whirlpool.net.au/forum-replies.cfm?t=2530363

" WhirlPool 论坛的一篇帖子称， Windows 10 会通过 UDP 下载更新，以绕过 QoS 流量限制︰ https://t.co/6eXG7f5sgP"
Rod Trent @rodtrent

[ Windows ] Microsoft expanding Bounty program https://t.co/ndoKiOnxT2

"微软拓宽了 Bug Bounty 项目的覆盖范围 https://t.co/ndoKiOnxT2"

2016/06/08