腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/11/29

Alex Matrosov @matrosov

[ Firmware ] Our slides "UEFI Firmware Rootkits: Myths and Reality" with @ vxradius. Revisited and Updated version for #ZeroNights https://github.com/REhints/Publications/blob/master/Conferences/ZeroNights_2016/UEFI_Rootkits_ZN_2016.pdf

"UEFI Firmware Rootkits: Myths and Reality（slides）： https://t.co/yEPKBYYuBT"
Full Disclosure @SecLists

[ Hardware ] Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability https://goo.gl/fb/8ygS5p #FullDisclosure

"Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS 漏洞： https://t.co/wOx57b9olu "
Help Net Security @helpnetsecurity

[ IoTDevice ] Protecting smart hospitals: A few recommendations - http://bit.ly/2gB6WS3 - @ enisa_eu #EU https://t.co/yOzeFSQJpb

"关于保护智能医院安全性的几个建议： https://www.enisa.europa.eu/publications/cyber-security-and-resilience-for-smart-hospitals"
Nicolas Krassas @Dinosn

[ Linux ] Linux ntpd 4.2.8 derive_nonce Stack Overflow https://packetstormsecurity.com/files/139900/ntp-sof.pl.txt

"Linux ntpd 4.2.8 derive_nonce 栈溢出 poc： https://t.co/aR7aVN3XwW"
CHIPSEC @CHIPSEC

[ Linux ] Using CHIPSEC with Kali Linux: https://github.com/chipsec/chipsec/wiki/Using-CHIPSEC-with-Kali-Linux

"在 Kali Linux 下安装平台安全框架 CHIPSEC 的方法: https://t.co/ucENUH2TxD"
PHR34K @unpacker

[ Malware ] A New All-in-One Botnet : Proteus http://blog.fortinet.com/2016/11/28/a-new-all-in-one-botnet-proteus

"Fortinet 近日发现了一个多功能的僵尸网络︰ Proteus： https://t.co/PUh2qGZP3p"
thomas @sehque

[ Others ] Database of a complete X86/X64 instruction set. http://buff.ly/2g4Rmjz

"一个完整的 X86/X 64 指令集数据库： https://t.co/T4TKmR4ApV"
Daniel Bilar @daniel_bilar

[ Others ] #osdi Kraken: Live traffic tests to identify & resolve resource utilization bottlenecks in web svcs by @adriancolyer https://t.co/erVPELsYpL

"利用实时流量测试来识别和解决大规模Web服务中的资源利用率瓶颈： https://t.co/erVPELsYpL"
Chris Evans @scarybeasts

[ Others ] Oooops.... incorrect fix for my FLIC exploit. So a new post: [0day] [PoC] Incorrect fix for gstreamer FLIC decoder: https://t.co/8XA3xFL4Pt

"由于错误修复 gstreamer FLIC decoder 所带来的新漏洞︰ https://t.co/8XA3xFL4Pt"
JMP 0x30 @nuria_pp

[ Others ] Egg Hunter - Twist in Buffer Overflow - BisonWare FTP Server v3.5 http://hacksys.vfreaks.com/research/egg-hunter-twist-in-buffer-overflow-bisonware-ftp-server-v3-5.html vía @ HackSysTeam

"Egg Hunter – Twist in Buffer Overflow – BisonWare FTP Server v3.5： https://t.co/dQUaoPeFZs"
Nicolas Krassas @Dinosn

[ Others ] All your Paypal OAuth tokens belong to me - localhost for the win http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html

"Paypal OAuth token 劫持： https://t.co/Z7KtDPRi5I"
doar-e @doar_e

[ Others ] New post by @ 0vercl0k "Token Capture via an Llvm-based Analysis Pass" https://doar-e.github.io/blog/2016/11/27/clang-and-passes/

"以 Fuzzing 为目的，基于 LLVM pass 实现的 token finder： https://t.co/9Fsk6cETuY"
Matt Graeber @mattifestation

[ Others ] Code Integrity on Nano Server: Tips/Gotchas http://www.exploit-monday.com/2016/11/Nano-Server-Code-Integrity.html

"Nano Server 上的代码完整性︰提示/陷阱： https://t.co/idhM2FE9el"
Francisco Ribeiro @blackthorne

[ Protocol ] Analysis of OpenSSL ChaCha20-Poly1305 Heap Buffer Overflow (CVE-2016-7054) https://blog.fortinet.com/2016/11/23/analysis-of-openssl-chacha20-poly1305-heap-buffer-overflow-cve-2016-7054

"OpenSSL ChaCha20 Poly1305 堆缓冲区溢出漏洞分析 (CVE-2016-7054)： https://t.co/ZIVNTZvU4m "
Andrew Dove @BurntToast_DFIR

[ ReverseEngineering ] An analysis walkthrough for the latest macros used by #HANCITOR #malware to load shellcode directly into memory: https://t.co/1ahBGSFjZW

"Analysing the Hancitor Maldoc︰ https://t.co/1ahBGSFjZW"
C++ OSS @oss_cpp

[ Tools ] libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop. https://github.com/dor1s/libfuzzer-workshop

" 'Modern fuzzing of C/C++ Projects' 研讨会材料，来自 ZeroNights 2016 大会： https://t.co/gJKB7EKu7Z"
hasherezade @hasherezade

[ Tools ] My small tool for converting #PE files dumped from the memory into their raw form: https://github.com/hasherezade/malware_analysis/tree/master/pe_unmapper https://t.co/d1Jv3ulAl5

"pe_unmapper -- 可将 PE 文件执行后分配的虚拟内存还原成可执行文件的小工具︰ https://github.com/hasherezade/malware_analysis/tree/master/pe_unmapper"
Didier Stevens @DidierStevens

[ Tools ] New blog post "Update: xor-kpa.py Version 0.0.4" https://blog.didierstevens.com/2016/11/27/update-xor-kpa-py-version-0-0-4/

"xor-kpa.py Version 0.0.4 发布更新： https://t.co/kzrbs4P7BX"
Capstone Engine @capstone_engine

[ Tools ] Another nice tool from Intel use Capstone: SATT to trace & analyze Linux process on Intel Processor Trace hardware. https://t.co/LL82FWsSL6

"SATT Software Analyze Trace Tool: https://t.co/LL82FWsSL6"
Guang Gong @oldfresher

[ Vulnerability ] Full exploit of CVE-2016-6754(BadKernel) and slide of @ SyScan360 2016 shanghai <BadKernel: exploit V8 with a typo> https://github.com/secmob/BadKernel

"BadKernel --- exploit V8 with a typo，来自 SyScan360 2016 大会： https://t.co/gzdvmDvHJt"
Full Disclosure @SecLists

[ Vulnerability ] Schoolhos CMS v2.29 - userberita SQL injection Vulnerability https://goo.gl/fb/bRvmNm #FullDisclosure

"学校内容管理系统 Schoolhos CMS v2.29-userberita SQL 注入漏洞（含 PoC）: https://t.co/2bOAzz2tSL"

Xuanwu Spider via 阿里聚安全

[ Others ] 黑产揭秘：“打码平台”那点事儿： https://jaq.alibaba.com/community/art/show?articleid=628
Xuanwu Spider via Sec-News

[ Web Security ] php一句话后门过狗姿势万千之后门构造与隐藏： http://wiki.ioin.in/post/group/WJ1
Xuanwu Spider via Paper

[ Browser ] 利用特殊协议加载本地文件，绕过 HTML5 沙箱，打开弹窗诸事： http://paper.seebug.org/125/
Xuanwu Spider via Freebuf

[ Pentest ] 神级脚本大集合之PowerShell-Suite： http://www.freebuf.com/sectool/120675.html
Xuanwu Spider via Freebuf

[ Firmware ] 以为禁用麦克风就不会被监听了吗？用耳机也可以哟： http://www.freebuf.com/news/121015.html
Xuanwu Spider via GitHub

[ Android ] 两个 Android 漏洞（cve-2016-6700，cve-2016-6702） PoC： https://github.com/ele7enxxh/poc-exp
Xuanwu Spider via GitHub

[ Tools ] Anti-Anti-Spider-- 一个反爬虫的技术攻关站点： https://github.com/luyishisi/Anti-Anti-Spider

2016/11/29