Tencent Xuanwu Lab Security Daily News
-
[ Android ] CuckooDroid – Automated Android Malware Analysis http://www.darknet.org.uk/2016/08/cuckoodroid-automated-android-malware-analysis/
"CuckooDroid, an automated Android malware analysis framework: https://t.co/oX1ZTcT3i5"
-
[ Attack ] Symantec publishes about Regin 2.9...errr..Remsec: http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets
"The Eye of Sauron (ProjectSauron) top-tier APT: Kaspersky puts it on the same level as Duqu, Flame and Equation. Run by the Strider espionage group, it targets government departments and critical-industry organisations in several countries. Symantec's analysis: https://t.co/3byXEQT4hk ; it uses the advanced malware Backdoor.Remsec (Symantec IOCs): http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Symantec_Remsec_IOCs.pdf ; Kaspersky's analysis: https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/ ; and a related older document: https://dc414.org/download/confs/defcon13/Speeches/DC_13-Brown-Dunlop/mosquito-0.2/doc/mosquito-paper.pdf"
-
[ Browser ] All about WPAD and HTTPS: https://www.microsoft.com/en-us/research/publication/pretty-bad-proxy-an-overlooked-adversary-in-browsers-https-deployments/
"On WPAD and HTTPS: Microsoft published a paper on this back in 2009, 'Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments': https://t.co/6EvgZxIvZp ; there is also a paper from Verisign, 'MitM Attack by Name Collision: Cause Analysis and WPAD Vulnerability Assessment in the New gTLD Era': https://www.verisign.com/assets/labs/MitM-Attack-by-Name-Collision-Cause-Analysis-and-WPAD-Vulnerability-Assessment-in-the-New-gTLD-Era.pdf"
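The name-collision problem the Verisign paper studies comes from DNS-based WPAD discovery: a client strips its own hostname and then one domain label at a time, querying wpad.<remaining suffix> until something answers. When the internal suffix ends in a label that has since become a public gTLD, a laptop that leaves the corporate network (no DHCP option 252, no internal resolver) sends those queries to the public DNS, and whoever registered the colliding name serves the PAC file. The script below is an added illustration, not code from either paper; the gTLD list, the registered-hostname set, and the "stop above the TLD" devolution policy are constructed assumptions, so substitute your own suffixes and the current IANA root zone when using it.

```python
"""Enumerate the hostnames a DNS-based WPAD lookup would try for a client and flag
those that fall under a public gTLD.  Added example; the data below is constructed."""

# Constructed sample of gTLDs delegated since 2013 that clash with common internal
# naming.  Assumption: check the IANA root zone for the real, current list.
NEW_GTLDS = {"global", "network", "office", "group", "site"}

# Constructed sample: WPAD hostnames already registered in the public DNS by a
# third party (assumption for the demonstration).
PUBLIC_WPAD_HOSTS = {"wpad.corp.global"}


def wpad_candidates(client_fqdn, stop_at_labels=2):
    """Return the WPAD hostnames a client tries, most specific first.

    The client drops its own hostname, then strips one label per step (DNS
    devolution).  stop_at_labels=2 stops at the second-level name (e.g.
    corp.global) rather than querying wpad.<tld>; this mirrors the policy of
    current Windows releases and is an assumption here, older clients devolved
    further.
    """
    labels = client_fqdn.lower().rstrip(".").split(".")[1:]  # drop the hostname
    candidates = []
    while len(labels) >= stop_at_labels:
        candidates.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return candidates


def collisions(client_fqdn, gtlds=NEW_GTLDS, public_hosts=PUBLIC_WPAD_HOSTS):
    """Candidates whose top label is a delegated public gTLD.

    Each entry is (hostname, already_registered).  Any True entry means a
    roaming client will fetch its proxy configuration from a host the
    organisation does not control; every entry is a name that leaks to the
    public DNS off-network.
    """
    found = []
    for cand in wpad_candidates(client_fqdn):
        tld = cand.rsplit(".", 1)[-1]
        if tld in gtlds:
            found.append((cand, cand in public_hosts))
    return found


if __name__ == "__main__":
    for fqdn in ("pc1.sales.corp.global", "pc2.corp.example"):
        print(fqdn, "->", wpad_candidates(fqdn), "collisions:", collisions(fqdn))
```

Running it for a host in sales.corp.global shows both wpad.sales.corp.global and wpad.corp.global leaving the organisation's DNS, with the second already answered by an outside party; a host under corp.example produces no collision because example is not in the sample gTLD set. The fix on the network side is to make sure the internal suffix is one you actually own (or use DHCP option 252 and disable DNS-based WPAD on roaming clients).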
-
[ Conference ] All #defcon2016 slides: https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/ https://t.co/3Wyatv66yH
"All slides from DEF CON 24 (2016) for download: https://t.co/0SG9QGKmP6"
-
[ iOS ] Apple’s BlackHat slides are online! (thanks @s1guza) https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
"Behind the scenes of iOS security, from Black Hat; this is the talk in which Apple announced its bug bounty programme: https://t.co/RLGCamyag1"
-
[ iOS ] Slides for ‘A Journey Through Exploit Mitigation Techniques on iOS’ - https://speakerdeck.com/mbazaliy/a-journey-through-exploit-mitigation-techniques-on-ios #defcon #defcon2016
"An overview of exploit mitigation techniques on iOS, from DEF CON: https://t.co/MjatuivznZ"
-
[ Linux ] Awesome ELF patching kit, easily inject/modify/nerf ELF files with simple Python scripts; https://github.com/lunixbochs/patchkit
"PatchKit, an ELF file patching toolkit written in Python: https://t.co/P7O3vqbkD5"
-
[ NetworkDevice ] NTP bug gives IOS a wedgie http://www.theregister.co.uk/2016/08/08/ntp_bug_gives_ios_a_wedgie/
"An NTP denial-of-service vulnerability in Cisco IOS (the network OS, not Apple's), as reported by The Register: https://t.co/FADLQ3draq ; official advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge"
-
[ Others ] Since #BadWinmail, #badTunnel, MS-WPRN MITM and #badWPAD vulnerabilities, I think there will be a new direction "Archaeological Security".
"Claud Xiao says: 'Seeing the BadWinmail, BadTunnel, MS-WPRN MITM and BadWPAD vulnerabilities, I think a new research direction will emerge: archaeological security.'"
-
[ Others ] Power cut crashes Delta's worldwide flight update systems http://www.theregister.co.uk/2016/08/08/computer_fault_takes_down_delta/
"A power cut caused a Delta Air Lines server to crash and thousands of flights were cancelled: https://t.co/VUY6klmqni"
-
[ Pentest ] #mimikatz for Windows 10 Anniversary update is ready :) (new SAM encryption) https://github.com/gentilkiwi/mimikatz/releases https://t.co/KipxWfyiOl
"A Mimikatz release that supports the Windows 10 Anniversary Update (which changed the SAM encryption) is out: https://t.co/Wzb5GAxx6L"
-
[ Pentest ] Hack Remote Windows PC using DLL Files (SMB Delivery Exploit) http://www.hackingarticles.in/hack-remote-windows-pc-using-dll-files-smb-delivery-exploit/
"Compromising a remote Windows PC with Metasploit's smb_delivery module: https://t.co/6Pm8YdxxMn"
-
[ Rootkit ] Now at #WOOT16: “Hardware-Assisted Rootkits: Abusing Performance Counters on the ARM and x86 Architectures” https://www.usenix.org/conference/woot16/workshop-program/presentation/spisak
"Abusing the performance counters of the ARM and x86 architectures to build hardware-assisted rootkits; paper: https://t.co/JDClh3Ss3a"
-
[ Tools ] w0w, Metame, a new metamorphic engine using Keystone inside to inject code into binaries! https://github.com/a0rtega/metame https://t.co/frRPEC0Kd1
"Metame, a metamorphic engine for binaries; malware commonly uses this kind of code rewriting to evade signature-based antivirus detection: https://t.co/hPrN97xXvv"
-
[ Tools ] IDA v6.95 and Decompiler v2.5 released! New: iPhone debugger and PowerPC decompiler https://www.hex-rays.com/products/ida/6.95/index.shtml https://www.hex-rays.com/products/decompiler/news.shtml#160808 #REhints
"IDA v6.95 and the Hex-Rays Decompiler v2.5 have been released, adding an iPhone debugger and PowerPC decompiler support: https://t.co/NBGiAyqNKZ https://t.co/uMZe22lXXe"
-
[ Web Security ] phpCollab v2.5 CMS - SQL Injection Vulnerability http://goo.gl/fb/nak8x0 #FullDisclosure
"SQL injection vulnerability in phpCollab v2.5 CMS, from a Full Disclosure post: https://t.co/YFNOEPqti6"
-
[ Windows ] @aionescu Just posted the slides here http://www.slideshare.net/zeroSteiner/is-that-a-penguin-in-my-windows #BSidesLV
"A SecureState researcher's BSidesLV talk on the Windows Subsystem for Linux: https://t.co/zLO10IiB1l"
-
[ WirelessSecurity ] Putting LTE Security Functions to the Test: A Framework to Evaluate Implementat. Correctness https://www.usenix.org/system/files/conference/woot16/woot16-paper-rupprecht.pdf https://t.co/llfWHsxq60
"Putting LTE security functions to the test: a framework for evaluating the implementation correctness of LTE security functions; paper: https://t.co/z5OTJY4lHW"
-
[ WirelessSecurity ] (PDF slides) - MouseJack: Injecting Keystrokes into Wireless Mice: https://lnkd.in/eTEHvbu
"MouseJack: injecting keystrokes into wireless mice, a talk from DEF CON: https://t.co/assPwxYfG6"