腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Firefox - SVG cross domain cookie vulnerability https://insert-script.blogspot.gr/2016/12/firefox-svg-cross-domain-cookie.html
"借助 SVG,实现跨域设置 Cookie(Firefox 的漏洞): https://t.co/yHhDFZ5sA2"
-
[ IoTDevice ] Analyzing yet another Smart Home device / eibPort by BAB TECHNOLOGIE GmbH - https://insinuator.net/2016/12/analyzing-yet-another-smart-home-device/
"家庭智能设备 eibPort 分析: https://t.co/Cg0mTrppaG"
-
[ IoTDevice ] Reverse Engineering Traffic Lights with an RTL-SDR Part 2 http://www.rtl-sdr.com/reverse-engineering-traffic-lights-with-an-rtl-sdr-part-2/
逆向移动交通信号灯(Part 2): https://t.co/F1I6ga0lox"
-
[ IoTDevice ] Backdoor in Sony IPELA Engine IP Cameras : http://blog.sec-consult.com/2016/12/backdoor-in-sony-ipela-engine-ip-cameras.html , PoC : https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
"Sony IPELA Engine IP 摄像头被发现存在后门,攻击者能执行任意代码同时还能监视你︰ https://t.co/vYI2LZMqUf PoC: https://t.co/beb3X2IutU"
-
[ Linux ] CVE-2016-8655 Linux "triggered from within containers to compromise the host kernel" http://www.openwall.com/lists/oss-security/2016/12/06/1
"Linux af_packet.c 条件竞争漏洞(CVE-2016-8655): https://t.co/XMwscQMXwG"
-
[ Linux ] CVE-2016-7076 sudo: noexec bypass via wordexp() https://bugzilla.redhat.com/show_bug.cgi?id=1384982
"CVE-2016-7076 sudo: noexec bypass via wordexp() : https://t.co/blOJ7IN1Rd"
-
[ Linux ] Linux Fundamentals : http://linux-training.be/linuxfun.pdf (pdf) // 7.0 Mb
"Linux 基础知识教程(PDF)︰ https://t.co/hRJnRgFbLu "
-
[ Malware ] Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads - http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/
"据外媒报道,数百万的流行新闻网站受到了来自恶意广告的攻击: https://t.co/Y63aA2SCWX"
-
[ MalwareAnalysis ] A short blog post on Process Hollowing and how to follow it in OllyDbg. http://blog.airbuscybersecurity.com/post/2016/06/Following-Process-Hollowing-in-OllyDbg
"在 OllyDbg 中理解、调试 Process Hollowing : https://t.co/7RJNB6PE26"
-
[ MalwareAnalysis ] Deep Analysis of the Online Banking Botnet TrickBot http://blog.fortinet.com/2016/12/06/deep-analysis-of-the-online-banking-botnet-trickbot
"对在线银行僵尸网络 TrickBot 的深入分析: https://t.co/bb1gHpheab"
-
[ Mobile ] Post mortem on #Samsung Galaxy Note 7 https://www.instrumental.ai/blog/2016/12/1/aggressive-design-caused-samsung-galaxy-note-7-battery-explosions https://t.co/thmaXZjESX
"激进设计导致 Samsung Galaxy Note 7 爆炸: https://t.co/TW1aFPrc2P https://t.co/thmaXZjESX"
-
[ Mobile ] Samsung Mobile December 2016 Security Updates: http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016
"三星手机 12 月安全更新︰ https://t.co/8WSC4xCG9I"
-
[ Others ] DailyMotion Hack Leaks Emails, Passwords of 87M Users: https://threatpost.com/dailymotion-hack-leaks-emails-passwords-of-87m-users/122276/ via @ threatpost
"视频分享网站 DailyMotion 被黑, 8700万用户信息泄露: https://t.co/dBhGNRNula"
-
[ Others ] Top 10 vulnerabilities used by exploit kits in 2016: http://bit.ly/2h1Y2gF #ThreatIntel #InfoSec https://t.co/0ooJy5SRWJ
"2016 年 exploit kit 使用最广泛的10个漏洞︰ https://t.co/6BJ40iEUF6 "
-
[ Others ] FreeBSD bhyve virtual machine escape: https://lists.freebsd.org/pipermail/freebsd-security/2016-December/009190.html by @ _fel1x, n1! :) #FreeBSD #bhyve
"FreeBSD bhyve 虚拟机逃逸(CVE-2016-1889)︰ https://t.co/dMEMsehDsV "
-
[ Others ] North Korea Hacks South Korea Military Cyber Command http://www.bbc.com/news/world-asia-38219009
"朝鲜黑了韩国军事网络司令部,来自 BBC 报道: https://t.co/YUOkclK6wN"
-
[ Others ] 5-Level Paging and 5-Level EPT - https://software.intel.com/sites/default/files/managed/2b/80/5-level_paging_white_paper.pdf
"5-Level Paging and 5-Level EPT: https://t.co/Chsvpfj9k9"
-
[ Others ] Is using /arch:AVX for faster code: a) Great! b) Trickier than I thought! c) Both! https://randomascii.wordpress.com/2016/12/05/vc-archavx-option-unsafe-at-any-speed/
"VC++ /arch:AVX option - 为新指令集生成高效代码时,会存在安全问题吗?: https://t.co/L08QIiqdBK"
-
[ Others ] Building a Homemade FM Repeater with a Raspberry Pi, Rpitx and RTL-SDR Dongle http://www.rtl-sdr.com/building-a-homemade-fm-repeater-with-a-raspberry-pi-rpitx-and-rtl-sdr-dongle/
"使用树莓派、Rpitx 和 RTL-SDR Dongle 自制 FM Repeater: https://t.co/1cOADM026F "
-
[ Others ] Write a Shell in C : https://brennan.io/2015/01/16/write-a-shell-in-c/
"用 C 写一个 Shell: https://t.co/UDFkjgQA0O"
-
[ Others ] Toy decompiler for x86-64 written in Python : https://yurichev.com/writings/toy_decompiler.pdf (pdf) cc @ yurichev
"用 Python 写个反编译器(PDF): https://t.co/6cvme7UaI9 "
-
[ Others ] The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability: https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/ Rackspace customers still vulnerable.
"利用 AWS、Google cloud、Rackspace 及 Digital Ocean 中的 DNS 漏洞接管超 12 万域名︰ https://t.co/cg5tPsYRXX "
-
[ Others ] #DailyBug #MSIE 9 jscript9 JavaScriptStackWalker memory corruption Interesting bc "stack use-after-free" & time-line http://blog.skylined.nl/20161206001.html
"#DailyBug #MSIE 9 jscript9 JavaScriptStackWalker 内存损坏有趣 bc"堆栈使用后免费"& 时间线 https://t.co/epTwYgHxKp"
-
[ Others ] Nintendo expands bug bounty program http://www.zdnet.com/article/nintendo-expands-bug-bounty-program/#ftag=RSSbaffb68
"任天堂扩展了自家 bug bounty 计划,安全研究人员可获得高达两万美元的奖励: https://t.co/yfZd0rVS6w"
-
[ Pentest ] Mastering Kali Linux for Advanced Penetration Testing : http://www.arthur-training.com/Downloads/ITT/Mastering%20Kali%20Linux%20for%20Advanced%20Penetration%20Testing%20-%20Beggs,%20Robert.pdf (pdf* | 9.5 Mb)
"Kali Linux 高级渗透测试(PDF)︰ https://t.co/16oZDVHsRt "
-
[ SecurityReport ] A 60 page report on attacks from Iot botnets, by Institute for Critical Infrastructure Technology (@ICITorg):… https://t.co/opYuf9rW5Q
"60 页针对 Iot botnet 的报告,来自 ICIT: https://t.co/opYuf9rW5Q"
-
[ Tools ] Threat Hunting https://github.com/ThreatHuntingProject/ThreatHunting/tree/master/hunts More Info http://www.threathunting.net/ by @ ThreatHuntProj @ DavidJBianco https://t.co/Awq2dEZsow
"Threat Hunting: https://t.co/Awq2dEZsow GitHub: https://t.co/V8flxSfrdA 详细信息: https://t.co/lbufanGXpK"
-
[ Tools ] Bandit - static analysis for Python https://security.openstack.org/#bandit-static-analysis-for-python
"Bandit -- 一个 Python 静态分析工具: https://security.openstack.org/#bandit-static-analysis-for-python "
-
[ Tools ] Piña Colada - Open Source Wifi Pineapple(capable of performing wide range of remote offensive attacks on a network): https://github.com/ecthros/pina-colada
"Piña Colada -- 开源 Wifi Pineapple,可以用于各种网络远程攻击: https://t.co/iPIG5ZhNm6"
-
[ Tools ] A tool to make Windows builds reproducible : https://github.com/jasonwhite/ducible
"Ducible -- A tool to make Windows builds reproducible︰ https://t.co/bqIGg8hqdb"
-
[ Tools ] Al-Khaser v0.65 - Public Malware Techniques Used In The Wild http://www.kitploit.com/2016/12/al-khaser-v065-public-malware.html
"Al-Khaser v0.65 -- 在野恶意软件使用的技术: https://t.co/D89mIFQfGD"
-
[ Vulnerability ] New Post! Vacuuming Image Metadata from The Wayback Machine | Automating OSINT Blog http://bit.ly/2hcxHvq #osint #python
"如何用 waybackpack 包获取图片中的隐藏数据: https://t.co/OatqHjt6s2 "
-
[ Vulnerability ] [1days] [0days] [PoCs] More gstreamer FLIC / vmnc issues http://scarybeastsecurity.blogspot.com/2016/12/1days-0days-pocs-more-gstreamer-flic.html
"更多 gstreamer FLIC / vmnc 的问题: https://t.co/hZi3Q4ABOk"
-
[ Vulnerability ] Vulnerability Spotlight: ImageMagick Convert Tiff Out of Bounds Write http://blog.talosintel.com/2016/12/ImageMagick-Tiff-out-of-Bounds.html
"ImageMagick 在处理压缩后的 TIFF 图片时存在远程代码执行漏洞(CVE-2016-8707): http://www.talosintelligence.com/reports/TALOS-2016-0216/"
-
[ Vulnerability ] There you go Netcat! GNU Netcat DoS - Out of bounds write - https://www.exploit-db.com/exploits/40866/ #DailyBug #infosec #netcat
"NetCat 0.7.1 - Denial of Service: https://t.co/mN5O6mFWph "
-
[ Vulnerability ] Roundcube Command Execution via Email https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
"利用开源 webmail 软件 Roundcube >= 1.0 写一封邮件来远程执行任意代码: https://t.co/V2khPCCVeH"
-
[ Windows ] [remote] - Microsoft Internet Explorer jscript9 - JavaScriptStackWalker Memory Corruption (MS15-056) https://www.exploit-db.com/exploits/40881/
"Microsoft IE jscript9 - JavaScriptStackWalker 内存破坏漏洞( CVE-2015-1730 ): https://t.co/KpOLPx0KKj 漏洞详情: http://blog.skylined.nl/20161206001.html"
-
[ Windows ] [local] - Microsoft PowerShell - XML External Entity Injection https://www.exploit-db.com/exploits/40873/
"微软 PowerShell 存在 XML 外部实体注入漏洞(含 PoC): https://t.co/e25O1bRFWQ"
-
[ WirelessSecurity ] Reversing Bus Telemetry https://www.bastibl.net/reversing-bus-telemetry/ cc @ bastibl #SDR #GnuRadio https://t.co/NJnoSMCotl
"Reversing Bus Telemetry: https://t.co/ovQsioj94Q"
-
[ WirelessSecurity ] How To Building a SDR Server With OpenWrt And RTL http://www.spriteking.com/archives/1622 #RTL #SDR #GnuRadio https://t.co/ZpizOQ5w1h
"如何用极路由+OpenWrt+RTL电视棒搭建一台SDR服务器,并隐秘地捕获和传输数据: https://t.co/4cHywHeMbO "
-
Xuanwu Spider via 微软 MSRT[ Malware ] 微软 MSRT 昨晚发了一篇 Blog,报道 Clodaconas 广告软件是如何劫持用户浏览器插入广告的(安装根证书,DNS 劫持),但这篇 Blog 今天被删了: https://blogs.technet.microsoft.com/mmpc/2016/12/06/msrt-december-2016-addresses-clodaconas-which-serves-unsolicited-ads-through-dns-hijacking/ Google Cache: https://webcache.googleusercontent.com/search?q=cache:QB3dmsD45e8J:https://blogs.technet.microsoft.com/mmpc/2016/12/06/msrt-december-2016-addresses-clodaconas-which-serves-unsolicited-ads-through-dns-hijacking/+&cd=1&hl=zh-CN&ct=clnk&gl=cn
-
Xuanwu Spider via Retme
[ Android ] 科恩实验室 Retme 公开了他在 BlackHat Europe 会议的演讲 PPT 《Rooting Every Android From Extension To Exploitation (slides) 》,主要介绍 Android WEXT 的攻击界面以及 3 个 Root Exploits 的细节: https://speakerdeck.com/retme7/rooting-every-android-from-extension-to-exploitation
-
Xuanwu Spider via 趋势科技
[ Android ] 趋势科技的一篇 Blog,谈利用 Dirty Cow 漏洞攻击 Android: http://blog.trendmicro.com/trendlabs-security-intelligence/new-flavor-dirty-cow-attack-discovered-patched/