腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/11/11

Axelle Ap. @cryptax

[ IoTDevice ] My slides "Infecting Internet of Things" are available here: https://my.owndrive.com/index.php/s/x3JNZJvRW2bvfxw #defcamp (cc: @ DefCampRO) #IoT #malware

"Infecting Internet of Things，来自 defcamp 2016 的议题之一︰ https://t.co/Xa21PlsfZj "
pronto@ °.• ? @_pronto_

[ Linux ] Notes about CVE-2016-7117 Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c https://blog.lizzie.io/notes-about-cve-2016-7117.html

" CVE-2016-7117 Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c： https://t.co/qpwnpK2hct"
Melanie Delannoy @meyny

[ Others ] A glance into Hack.lu 2016 and the 2017 edition announced! https://www.circl.lu/pub/press/20161031/ @ hack_lu @ circl_lu @ secin_lu

"下一届 Hack.lu 将于 2017 年 10 月 16-19 号举行： https://t.co/3HOtGFU5Ij "
OpenSSL announce @OpenSSLannounce

[ Others ] OpenSSL Security Advisory https://mta.openssl.org/pipermail/openssl-announce/2016-November/000087.html

"OpenSSL 安全公告： https://t.co/kfaJA4Fxec"
kmkz @kmkz_security

[ Others ] rubber ducky scripts collection for redTeaming https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

"USB-Rubber-Ducky Payloads： https://t.co/JUuNRbqCzh"
Binni Shah @binitamshah

[ Pentest ] tplmap : Automatic Server-Side Template Injection Detection and Exploitation Tool : https://github.com/epinna/tplmap

"tplmap -- 一个自动化的服务端模板注射攻击检测和漏洞利用工具： https://t.co/FdupY3JkWx"
kmkz @kmkz_security

[ Pentest ] BIGINT Overflow Error Based #sqli old but ... https://osandamalith.com/2015/07/08/bigint-overflow-error-based-sql-injection/ #PenTest

"基于 SQL 注入的 BIGINT 溢出错误： https://t.co/eQNSlI5vOk "
Palo Alto Networks @PaloAltoNtwks

[ Popular Software ] Unrestricted access to Office 365 can be risky. Navneet Singh explains how to enable it safely http://oak.ctx.ly/r/588at

"如何更安全的使用 Office 365： https://t.co/zDlQBXyQ2F"
Full Disclosure @SecLists

[ Popular Software ] Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin https://goo.gl/fb/jULOe6 #FullDisclosure

"WordPress 插件（W3 Total Cache）存在反射型 xss 漏洞： https://t.co/lsFLgJ85ue "
Full Disclosure @SecLists

[ Popular Software ] Information disclosure race condition in W3 Total Cache WordPress Plugin https://goo.gl/fb/4m3Ku4 #FullDisclosure

" WordPress 插件（W3 Total Cache）条件竞争可导致信息泄露： https://t.co/s4GJdQ90l4 "
Nicolas Krassas @Dinosn

[ Protocol ] OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking https://threatpost.com/oauth-2-0-hack-exposes-1-billion-mobile-apps-to-account-hijacking/121889/

"由于 OAuth 2.0 协议漏洞问题，导致 1 亿移动应用帐户劫持： https://t.co/F7ZKdOEKQP"
ReWolf @rwfpl

[ ReverseEngineering ] New blog post: "Leaking EPROCESS address of the specific SYSTEM processes" http://blog.rewolf.pl/blog/?p=1683

"泄漏特殊系统进程的EPROCESS结构地址： https://t.co/bhWpFRMDtl"
Nicolas Krassas @Dinosn

[ ReverseEngineering ] Anti reverse engineering. Malware vs Antivirus Software https://www.pelock.com/articles/anti-reverse-engineering-malware-vs-antivirus-software

"反病毒分析技术的方法解析与对抗： https://t.co/vPqm2TufCj"
Nicolas Krassas @Dinosn

[ Rootkit ] Linux LD_PRELOAD rootkit (x86 and x86_64 architectures) https://github.com/mempodippy/vlany

"Vlany -- Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)： https://t.co/FpJ6D3dSkK"
Threatpost @threatpost

[ SCADA ] Siemens discloses local privilege escalation bug in #SCADA gear - http://bit.ly/2eFTjys

"西门子公开了 SCADA gear 中的本地提权漏洞： https://t.co/bP8kRqMVgL"
Binni Shah @binitamshah

[ ThreatIntelligence ] Utilizing Memory & Network Forensics for scalable Threat Detection Response : https://player.vimeo.com/video/188841308 cc @ attrc

"利用内存和网络取证实现可扩展的威胁检测响应（video）︰ https://t.co/ngEXKC3dzS ;"
Binni Shah @binitamshah

[ Tools ] weevely3 : Weaponized web shell : https://github.com/epinna/weevely3

"weevely3 -- 一个可用于远程服务器管理和渗透测试的命令行 web shell： https://t.co/hPgONmVWru"
boogy @0xboogy

[ Tools ] One-gadget RCE in Ubuntu 16.04 libc https://kimiyuki.net/blog/2016/09/16/one-gadget-rce-ubuntu-1604/ #Exploit #libc

"One-gadget RCE in Ubuntu 16.04 libc： https://t.co/FnF0sAyaeN"
Alberto Gª Illera @algillera

[ Tools ] New Ponce v0.2 release with native Linux, OSX and Windows support and multiple bug fixes! Check it out https://t.co/KHiTxxOBRG

"Ponce v0.2 发布，此 IDA 插件可用于污点分析和符号执行： https://t.co/KHiTxxOBRG"
Binni Shah @binitamshah

[ Windows ] Windows Security Hardening Through Kernel Address Protection : http://j00ru.vexillium.org/blog/04_12_11/Windows_Kernel_Address_Protection.pdf (pdf) cc @ j00ru #b2b

"通过内核地址保护加固 Windows 安全（pdf）︰ https://t.co/ryGI3hv9VI "

Xuanwu Spider via MottoIN

[ Web Security ] 利用服务端请求伪造（SSRF）攻击进入内网： http://www.mottoin.com/91641.html
Xuanwu Spider via MottoIN

[ Android ] Nathan：Android安全测试模拟器： http://www.mottoin.com/91660.html
Xuanwu Spider via 上海交大 GoSSIP

[ Hardware ] 如何利用 Rowhammer 漏洞在共宿主的VM环境下攻击OpenSSH的身份验证或伪造Ubuntu软件包的GPG认证： http://securitygossip.com/blog/2016/11/10/2016-11-10/
Xuanwu Spider via TinySec

[ Windows ] TinySec 公开的 win32k.sys CVE-2016-7255 的 PoC： https://github.com/tinysec/public/tree/master/CVE-2016-7255
Xuanwu Spider via MottoIN

[ Tools ] DRAKVUF：黑盒二进制分析平台： http://www.mottoin.com/91636.html
Xuanwu Spider via TinySec

[ Windows ] TinySec 公开的一个微软不认的 win32k PoC: https://github.com/tinysec/public/tree/master/rs1_dwm_dos
Xuanwu Spider via TinySec

[ Windows ] TinySec 公开的一个微软不认的 win8.1 win32k PoC: https://github.com/tinysec/public/tree/master/not_assigned/8dot1_palette
Xuanwu Spider via MottoIN

[ Tools ] Radium-Keylogger：基于Python的多功能键盘记录： http://www.mottoin.com/91644.html

2016/11/11