Tencent Xuanwu Lab Security Daily News
- 
[ Attack ] NanHaiShu: RATing the South China Sea https://labsblog.f-secure.com/2016/08/04/nanhaishu-rating-the-south-china-sea/
"NanHaiShu - analysis of an espionage campaign tied to the South China Sea territorial dispute, from F-Secure: https://t.co/qFJ28z26UE"
 - 
[ Browser ] CSS mix-blend-mode is bad for your browsing history (aka, patience is a virtue): https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
"CSS mix-blend-mode makes it easier for an attacker to probe your browser history: https://t.co/98uoYbXc1t"
 - 
[ Crypto ] Amazing new HTTPS exploit that uses browser javascript APIs (fetch + resource timing), no MITM needed: http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
"HEIST - a new HTTPS attack that recovers the exact byte size of an encrypted HTTPS response by observing TCP window behaviour from browser JavaScript timing APIs, with no MITM required; report from Ars Technica: https://t.co/NQNvv5a9P9 The authors' Black Hat paper: http://papers.mathyvanhoef.com/blackhat2016.pdf"
 - 
[ Detect ] CAPTURING 0DAY EXPLOITS WITH PERFECTLY PLACED HARDWARE TRAPS: https://www.blackhat.com/docs/us-16/materials/us-16-Pierce-Capturing-0days-With-PERFectly-Placed-Hardware-Traps.pdf
"Catching 0-day exploits with perfectly placed hardware traps; the author's Black Hat slides: https://t.co/s5Yt8Ayyk2 Paper: https://www.blackhat.com/docs/us-16/materials/us-16-Pierce-Capturing-0days-With-PERFectly-Placed-Hardware-Traps-wp.pdf"
 - 
[ Exploit ] What browser 0day in 2016 looks like: Technical break-down of the Pwn2Own browser (w/ full-chain to admin) exploits http://documents.trendmicro.com/assets/pdf/shell-on-earth.pdf
"Shell on Earth, from browser to system compromise - the 0-days used at this year's Pwn2Own, a paper from Trend Micro: https://t.co/LIwga4vQEx ; Black Hat slides: https://www.blackhat.com/docs/us-16/materials/us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf The Black Hat slides published so far can be downloaded from: https://www.blackhat.com/us-16/briefings.html To make bulk-downloading the slides easier I wrote a simple JS script (not thoroughly tested, it may have bugs, apologies): http://paste.ubuntu.com/22252810/"
 - 
[ Exploit ] Absolutely awesome paper: "Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector" http://www.ieee-security.org/TC/SP2016/papers/0824a987.pdf
"The Pwnie Award winners have been announced: http://pwnies.com/winners/ The memory-deduplication attack won Most Innovative Research: https://t.co/otYcYrriJT Memory deduplication was designed to reduce memory consumption in multi-VM environments, but an attacker can turn it into an advanced exploitation vector and use it to leak information byte by byte."
 - 
[ Hardware ] #BHUSA2016 – Researcher explained how to hack any PC with a found USB drive http://securityaffairs.co/wordpress/49999/hacking/found-usb-drive-hack.html
"Hacking any PC with a USB drive picked up off the ground, report from Security Affairs: https://t.co/X5CH0C3kZ4 The author's Black Hat slides: https://www.blackhat.com/docs/us-16/materials/us-16-Bursztein-Does-Dropping-USB-Drives-In-Parking-Lots-And-Other-Places-Really-Work.pdf"
 - 
[ iOS ] #iOS 9.3.4 (13G35) has been released for 43 devices - https://ipsw.me/9.3.4
"iOS 9.3.4 has been released; update package downloads: https://t.co/4gE3LE60WL Apple's security advisory: https://support.apple.com/zh-cn/HT207026"
 - 
[ Malware ] NELocker - A Javascript Ransomware Boilerplate https://blogs.forcepoint.com/security-labs/nelocker-javascript-ransomware-boilerplate
"Forcepoint's analysis of the JavaScript ransomware boilerplate NELocker: https://t.co/R8hZjqBvw3"
 - 
[ Malware ] A look into Neutrino EK’s jQueryGate https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/08/a-look-into-neutrinos-jquerygate/
"An analysis of the Neutrino exploit kit's 'jQueryGate' gate: https://t.co/CDmxyvJwSM"
 - 
[ Mitigation ] USING EMET TO DISABLE EMET: https://www.blackhat.com/docs/us-16/materials/us-16-Alsaheel-Using-EMET-To-Disable-EMET.pdf
"Using EMET to Disable EMET, a Black Hat talk by FireEye researchers: https://t.co/AXDld68Hwb"
 - 
[ Network ] NCC Group Tool: TCP tunneling over HTTP for web application servers - https://github.com/nccgroup/ABPTTS from #BlackHat2016 by @0x00C651E0
"ABPTTS - a TCP tunnelling tool that works over HTTP/HTTPS, open-sourced by NCC Group: https://t.co/GBUrNoyrAq"
 - 
[ OpenSourceProject ] [CVE-2016-6583] libtidy global buffer overflow - https://marcograss.github.io/bug/2016/08/03/libtidy-global-bof.html
"A global buffer overflow (CVE-2016-6583) in the HTML parsing library libtidy, from marcograss's blog: https://t.co/ZHcK69CD7G"
 - 
[ Others ] XML Schema, DTD, and Entity Attacks paper http://www.vsecurity.com/download/papers/XMLDTDEntityAttacks.pdf
"Paper on XML Schema, DTD and entity injection attacks: https://t.co/UbvZqOTdPy"
 - 
[ Others ] Here are the slides to our @codewhitesec BH talk "Pwning Your Java Messaging With Deserialization Vulnerabilities": https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
"Pwning JMS (Java Message Service) with deserialization vulnerabilities, from Black Hat: https://t.co/Ug4s1AoOOM The author has also released an attack tool: https://github.com/matthiaskaiser/jmet"
 - 
[ Others ] A Verified CompCert Front-End for a Memory Model supporting Pointer Arithmetic and Uninitialised Data http://www.irisa.fr/celtique/wilke/jar-16.pdf
"This paper presents a verified CompCert C compiler front-end for a memory model that supports pointer arithmetic and access to uninitialised data: https://t.co/sVudXp1FUK"
 - 
[ Others ] Paper and slides for our #blackhat talk today introducing “LDAP Entry Poisoning” and “JNDI Injection”, enjoy! https://www.blackhat.com/us-16/briefings.html#a-journey-from-jndi-ldap-manipulation-to-remote-code-execution-dream-land
"Server-side remote code execution via JNDI reference injection; the authors' Black Hat slides: https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf Paper: https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
 - 
[ Others ] Researchers bypass chip and PIN protections at #BH2016 https://threatpost.com/researchers-bypass-chip-and-pin-protections-at-black-hat/119637/
"Bypassing the Chip and PIN protections of payment cards, report from Threatpost: https://t.co/magITyrgN1 The author's Black Hat slides: https://www.blackhat.com/docs/us-16/materials/us-16-Valtman-Breaking-Payment-Points-of-Interaction.pdf"
 - 
[ Others ] Oracle EBusiness Suite ‘Massive’ Attack Surface Assessed https://threatpost.com/oracle-ebusiness-suite-massive-attack-surface-assessed/119638/
"Attacking the Oracle E-Business Suite, report from Threatpost: https://t.co/oY9btXeHlt The author's Black Hat slides: https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf"
 - 
[ Popular Software ] Vulnerability Spotlight: Multiple Arbitrary Code Execution Vulnerabilities Identified in Hancom Hangul Office http://blog.talosintel.com/2016/08/hancom-office-vulnerabilities.html
"Multiple vulnerabilities in the Korean Hancom Hangul Office suite, from the Talos blog: https://t.co/otxwSgHJNs"
 - 
[ Protocol ] Severe vulnerabilities discovered in HTTP/2 protocol http://www.zdnet.com/article/severe-vulnerabilities-discovered-in-http2-protocol/#ftag=RSSbaffb68
"Researchers have found four severe vulnerabilities in the HTTP/2 protocol, report from ZDNet: https://t.co/ABhv7wIUAy Paper: http://www.imperva.com/docs/Imperva_HII_HTTP2.pdf"
 - 
[ Protocol ] New post: BlackHat2016: badWPAD – The Doubtful Legacy of the WPAD Protocol http://bit.ly/2aYnaTu @TrendMicro
"badWPAD - the doubtful legacy of the ageing WPAD protocol, from the Trend Micro blog: https://t.co/i7P0GNMUnU"
 - 
[ SecurityProduct ] Posted slides from @BSidesLV 2016 - Powershell-fu: Hunting on the Endpoint by @gerritzc #bsides #cybersecurity http://www.slideshare.net/ChristopherGerritz/bsideslv-2016-powershell-hunting-on-the-endpoint-gerritz
"Threat hunting on the endpoint with PowerShell, slides from BSidesLV 2016: https://t.co/pD3yFR5A8Y"
 - 
[ SecurityProduct ] Captain Hook: Pirating AVS to Bypass Exploit Mitigations [PDF] https://www.blackhat.com/docs/us-16/materials/us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations.pdf #BHUSA2016
"Exploiting flaws in the hooking engines of antivirus products to bypass exploit mitigations, from Black Hat: https://t.co/zwdvLx76Fj"
 - 
[ Tools ] NCC Group Tools: BLESuite - https://github.com/nccgroup/BLESuite / https://github.com/nccgroup/BLESuite-CLI / https://github.com/nccgroup/BLE-Replay by @TTrabun & @Greg_NCC_Group
"BLESuite - a toolset dedicated to testing Bluetooth Low Energy devices, open-sourced by NCC Group: https://t.co/JXXAaAE9tT https://t.co/vOnL89yOP9 https://t.co/Pzlm3XMmwS Black Hat also had a BLE tool this year, a new BLE proxy; slides: https://www.blackhat.com/docs/us-16/materials/us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool.pdf Paper: https://www.blackhat.com/docs/us-16/materials/us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool-wp.pdf"
 - 
[ Tools ] @badd1e Check out the IDE Kinoma Code http://kinoma.com/develop/code/, and the KinomaJS open source software tree at https://github.com/Kinoma/kinomajs.
"Kinoma Code - a new IDE for IoT development: https://t.co/HdyBNeUOoN KinomaJS is also open source: https://t.co/6R014xU6nE"
 - 
[ Tools ] Keypatch is a IDA Pro plugin for Keystone Assembler Engine. http://www.keystone-engine.org/keypatch/
"Keypatch has been released, an IDA Pro assembler plugin built on the Keystone engine: https://t.co/JiAFGBDjtN"
 - 
[ Virtualization ] [BLOG] Xen exploitation part 3: XSA-182, Qubes escape: http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html Final notes on finding Xen vm escape and exploitation
"Xen exploitation part 3: XSA-182 and escaping Qubes OS, from the Quarkslab blog: https://t.co/Ki7xXS7ROE"
 - 
[ Virtualization ] Xenpwn Breaking Paravirtualized Devices - https://www.blackhat.com/docs/us-16/materials/us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices.pdf https://www.blackhat.com/docs/us-16/materials/us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices-wp.pdf by @_fel1x
"Xenpwn - breaking paravirtualized devices; the author's Black Hat slides: https://t.co/btdB6yYL9I Paper: https://t.co/DbX39AjAZs Xenpwn project: https://github.com/felixwilhelm/xenpwn"
 - 
[ Web Security ] XML External Entity Injection Opens Door to Attacks, Theft https://blogs.mcafee.com/mcafee-labs/xml-external-entity-injection-opens-door-attacks-theft/
"McAfee has recently observed several XML external entity injection attacks: https://t.co/5xd4blusxe"
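The two XML items on this page (the XML Schema/DTD/entity attacks paper above and this McAfee post) both come down to what a parser does with a DTD: internal entities can be nested to blow up a few hundred bytes into gigabytes, and external entities can pull in local files or remote URLs. The following added example is not from either source; it builds a constructed, small-scale "billion laughs" document, shows Python's stdlib ElementTree expanding it 1000x without complaint, and adds a pre-parse guard that runs raw expat declaration handlers to reject any document declaring entities or referencing an external DTD before the tree is ever built. The function names (lol_doc, assert_no_entities, safe_parse, is_rejected) and the sample documents are this example's own.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


def lol_doc(width: int = 10, depth: int = 3) -> str:
    """Build a constructed, small-scale 'billion laughs' document.

    Each level references the previous entity `width` times, so the single
    &lolN; reference in the body expands to width**depth copies of 'lol'
    (1000 copies, 3000 characters, for the defaults).
    """
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, depth + 1):
        refs = ("&lol%d;" % (i - 1)) * width
        decls.append('<!ENTITY lol%d "%s">' % (i, refs))
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n%s\n]>\n<lolz>&lol%d;</lolz>'
            % ("\n".join(decls), depth))


# Constructed sample of a classic XXE payload: an external general entity
# pointing at a local file. Whether a given parser actually fetches it varies;
# the guard below rejects the declaration so the question never arises.
XXE_DOC = ('<?xml version="1.0"?>\n'
           '<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>\n'
           '<foo>&xxe;</foo>')


class EntityRejected(ValueError):
    """Raised when a document declares entities or pulls in an external DTD."""


def naive_parse(doc: str) -> ET.Element:
    # Stdlib ElementTree expands internal entities unconditionally, so
    # lol_doc() yields a 3000-character text node from a ~300-byte document.
    return ET.fromstring(doc)


def assert_no_entities(doc: str) -> None:
    """Pre-parse with raw expat and abort on the first entity-related declaration.

    expat performs no I/O of its own, so this pass cannot trigger an external
    fetch; it only inspects the DTD and raises on anything a safe consumer
    should refuse (any <!ENTITY ...>, or a DOCTYPE with a SYSTEM/PUBLIC id).
    """
    p = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if sysid is not None or pubid is not None:
            raise EntityRejected("external DTD reference in DOCTYPE %r" % name)

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "external" if sysid is not None else "internal"
        raise EntityRejected("%s entity declaration %r" % (kind, name))

    p.StartDoctypeDeclHandler = on_doctype
    p.EntityDeclHandler = on_entity_decl
    p.Parse(doc, True)  # an exception raised inside a handler propagates out of Parse()


def safe_parse(doc: str) -> ET.Element:
    """Parse only after the DTD check has passed."""
    assert_no_entities(doc)
    return ET.fromstring(doc)


def is_rejected(doc: str) -> bool:
    """True if safe_parse() refuses the document because of its DTD."""
    try:
        safe_parse(doc)
    except EntityRejected:
        return True
    return False


if __name__ == "__main__":
    print(len(naive_parse(lol_doc()).text))               # 3000
    print(is_rejected(lol_doc()), is_rejected(XXE_DOC))   # True True
    print(safe_parse("<a><b>x</b></a>").find("b").text)   # x
```

The guard is deliberately blunt: most application XML never needs a DTD at all, so refusing every entity declaration costs nothing and removes both the expansion and the external-fetch class in one check. If a schema legitimately requires a DTD, the alternative is a parser that disables entity resolution explicitly (for example defusedxml on Python) rather than relying on the default behaviour of whichever library happens to be installed.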
 - 
[ Windows ] Into The Core In-Depth Exploration Of Windows 10 IoT Core - https://www.blackhat.com/docs/us-16/materials/us-16-Sabanal-Into-The-Core-In-Depth-Exploration-Of-Windows-10-IoT-Core-wp.pdf https://www.blackhat.com/docs/us-16/materials/us-16-Sabanal-Into-The-Core-In-Depth-Exploration-Of-Windows-10-IoT-Core.pdf by @polsab
"An in-depth exploration of Windows 10 IoT Core; the author's Black Hat paper: https://t.co/p6eH1xQKGx Slides: https://t.co/RRAxhJRHgL"