腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

Florian Roth @cyb3rops

[ Forensics ] CDQR Cold Disk Quick Response > uses Plaso to parse disk images w/ specific parsers & create CSVs by @AlanOrlikoski… https://t.co/0LeaTQXdDz

" CDQR（Cold Disk Quick Response）-- 可在 Windows, Linux 和 MacOS 上使用的取证分析工具： https://t.co/0LeaTQXdDz"
Nicolas Krassas @Dinosn

[ macOS ] Decrypting iCloud Authorization Tokens on macOS https://github.com/manwhoami/MMeTokenDecrypt

" MMeTokenDecrypt -- 解码 macOS 上 iCloud 认证 Token 的工具（/Users/*/Library/Application Support/iCloud/Accounts/DSID）： https://t.co/hSXrmb1dYj "
Nicolas Krassas @Dinosn

[ Others ] Databases of Indian embassies leaked online. Too easy hack them http://securityaffairs.co/wordpress/53137/data-breach/indian-embassies.html

"印度大使馆数据库泄露： https://t.co/8K8mTXcU2z"
Binni Shah @binitamshah

[ Popular Software ] Tumblr XSS Exploit : http://blog.andrewlang.net/post/152805939304/tumblr-xss-exploit

"知名博客平台 Tumblr 存在 XSS 漏洞︰ https://t.co/WymFHHwQzE"
Matt Swann @MSwannMSFT

[ Tools ] Here’s how defenders can leverage ETW to monitor PowerShell method execution #DFIR https://twitter.com/zacbrown/status/795038620549660673

"PowerShellMethodAuditor -- 一个审计工具，可用来记录powershell 调用的各种方法到日志里： https://github.com/zacbrown/PowerShellMethodAuditor"

Xuanwu Spider via FireEye

[ Challenges ] FireEye 2016 Flare-On 比赛的 Writeup： https://www.fireeye.com/blog/threat-research/2016/11/2016_flare-on_challe.html
Xuanwu Spider via BlueHat

[ Browser ] 绿盟科技张云海在 BlueHat 会议的演讲《How To Avoid Implement An Exploit Friendly JIT》的 PPT： http://www.slideshare.net/YunhaiZhang1/how-to-avoid-implement-an-exploit-friendly-jit
Xuanwu Spider via BlackHat EU

[ Android ] 申迪在 BlackHat EU 会议的演讲《Rooting Every Android From Extension To Exploitation》 PPT：https://speakerdeck.com/retme7/rooting-every-android-from-extension-to-exploitation
Xuanwu Spider via 安全客

[ Linux ] 深入解读脏牛Linux本地提权漏洞（CVE-2016-5195）： http://bobao.360.cn/learning/detail/3163.html
Xuanwu Spider via DroidSec 的微博

[ Android ] Mara 手机应用逆向分析框架： https://github.com/xtiankisutsa/MARA_Framework
Xuanwu Spider via 安天实验室

[ Attack ] 安天独家深度曝光分析方程式组织多平台恶意代码武器： http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650170101&idx=1&sn=714546c757db8291d52b6a4332c364a4&chksm=beb9c1c789ce48d1d6a96ed51b2506feab47c344b50461e7a4f72b19d89879dc113669d47a33&scene=0#wechat_redirect