腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/12/13

Threatpost @threatpost

[ Browser ] Alpha version of sandboxed Tor Browser released - http://bit.ly/2hm9uq4 https://t.co/dFhrmgwTEc

"Tor 技术专家发布了 Alpha 版的受沙箱保护的 Tor 浏览器，用于保护用户匿名性： https://t.co/yq9WFC4h8w https://t.co/dFhrmgwTEc"
雪碧0xroot @cn0Xroot

[ Browser ] Bluetooth support for the Web. Web Bluetooth: https://webbluetoothcg.github.io/web-bluetooth/ https://www.w3.org/community/web-bluetooth/ https://t.co/24r6FSn03I

" Web Bluetooth API 草案规范发布︰ https://t.co/TrT9RGI0eF "
Binni Shah @binitamshah

[ Hardware ] Netgear R7000 - XSS : https://www.exploit-db.com/exploits/40898/

"Netgear R7000 路由器存在 XSS 漏洞: https://t.co/1SCaFrIusQ"
Full Disclosure @SecLists

[ iOS ] Apple iOS/tvOS/watchOS Remote memory corruption through certificate file https://goo.gl/fb/Vp8J0s #FullDisclosure

"Apple iOS/tvOS/watchOS 证书文件导致的远程内存破坏： https://t.co/B2Hyq58QcB"
Threatpost @threatpost

[ iOS ] Apple fixes 12 vulnerabilities - two that could lead to code execution - with iOS 10.2 update - http://bit.ly/2hmri4r

"苹果修复了 12 个漏洞，其中有两个可能导致代码执行： https://t.co/xj2ao5f3Y7"
Project Zero Bugs @ProjectZeroBugs

[ Mobile ] Stack buffer overflow and information disclosure in OTP TrustZone trustlet via OTP_GET_CRYPTO_DERIVED_KEY https://bugs.chromium.org/p/project-zero/issues/detail?id=939

"三星设备的 OTP TrustZone 内出现栈溢出及信息泄露漏洞： https://t.co/eEvEv5Svn3"
Francisco Ribeiro @blackthorne

[ Others ] discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code https://www.internetsociety.org/sites/default/files/blogs-media/discovre-efficient-cross-architecture-identification-bugs-binary-code.pdf https://t.co/422455dPci

"discovRE︰ Efficient Cross-Architecture Identification of Bugs in Binary Code： https://t.co/RVRgkQXVOF "
Binni Shah @binitamshah

[ Others ] Escaping a restricted shell : https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/

"绕过受限 shell 的小技巧︰ https://t.co/vvtDVGXBco"
Binni Shah @binitamshah

[ Others ] 127 Billion Cracks - Password Cracking On A “Budget” (How To Build A Password Cracking Rig) : http://www.netmux.com/blog/how-to-build-a-password-cracking-rig

"如何打造一个密码破解装置︰ https://t.co/ar7dB27qsT"
Binni Shah @binitamshah

[ Others ] PowerShell Attacks - Brief Report : https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf (wp/pdf)

"针对日益增多的 PowerShell 攻击的研究简报（PDF）︰ https://t.co/zLn0d5k6hs "
Matthew Risck @Mateusz_Jozef

[ SecurityProduct ] [POC] CVE-2016-8020: McAfee Virus Scan for Linux allows for remote code execution as root https://nation.state.actor/mcafee.html

"McAfee Linux 版杀毒软件存在多个漏洞，结合这多个漏洞可实现 root 权限远程执行代码： https://t.co/VbTb8HZlPP"
Binni Shah @binitamshah

[ SecurityProduct ] Art of Anti Detection – 1 : Introduction to AV & Detection Techniques : https://www.exploit-db.com/docs/40900.pdf (pdf)

"免杀的艺术，文章主要讲述了绕过杀软检测、内存加载︰ https://t.co/580yMRwXae "
Jean-Ian Boutin @jiboutin

[ SecurityReport ] our @ virusbtn paper"Modern attacks on Russian financial institutions" is now available! links here http://www.welivesecurity.com/2016/12/12/modern-attacks-russian-financial-institutions/ /cc @ cherepanov74

"针对俄罗斯金融机构的现代攻击（Paper）： https://www.virusbulletin.com/uploads/pdf/magazine/2016/VB2016-Boutin-Cherepanov.pdf "
Hacker News 20 @newsyc20

[ Tools ] Show HN: xOS a 32-bit OS for the PC https://github.com/omarrx024/xos (http://bit.ly/2gNcJ6l)

"xOS -- 一个小而全的汇编语言写的 OS： https://t.co/vkjH6XmOnv"
Andrea Continella @_conand

[ Tools ] Our paper on #Ransomware-Resilient Filesystem is now public! http://shieldfs.necst.it/ @ Giulio_DP @ q3_c0d3 @ raistolo @ phretor

"ShieldFS:一个可自我修复、感知勒索软件的文件系统（Paper）： http://shieldfs.necst.it/continella-shieldfs-2016.pdf"
Nicolas Krassas @Dinosn

[ Tools ] FileBuster - An Extremely Fast And Flexible Web Fuzzer http://www.kitploit.com/2016/12/filebuster-extremely-fast-and-flexible.html

"FileBuster -- 一个极其快速灵活的 Web Fuzzer： https://t.co/9C9Wn6TiSK"
Nicolas Krassas @Dinosn

[ Vulnerability ] Unauthenticated SQL Injection in 'Teampass' collaborative password manager https://blog.ripstech.com/2016/teampass-unauthenticated-sql-injection/

"密码管理软件 Teampass 存在未授权 SQL 注入漏洞： https://t.co/qcBDg9aWU0 "
rtl-sdr.com @rtlsdrblog

[ WirelessSecurity ] New Linux RTL-SDR Driver with Fully Exposed Controls http://www.rtl-sdr.com/new-linux-rtl-sdr-driver-with-fully-exposed-controls/

"新的 Linux RTL-SDR 驱动程序发布： https://t.co/7Iryte9dDt"
雪碧0xroot @cn0Xroot

[ WirelessSecurity ] Nice idea from @ NCCGroupplc ：GSM/GPRS Traffic Interception for Penetration Testing Engagements… https://twitter.com/i/web/status/808236195553550336

"渗透测试中的 GSM/GPRS 流量拦截： https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/"

Xuanwu Spider via Trustlook

[ Android ] Digging into ADUPS FOTA data collection details，Trustlook 团队对上海广升 FOTA（Firmware Over-The-Air）用户数据采集功能的分析： http://blog.trustlook.com/2016/12/12/digging-into-adups-fota-data-collection-details/
Xuanwu Spider via 腾讯安全应急响应中心

[ Android ] CVE-2016-6771： Android 语音信箱伪造漏洞分析： https://security.tencent.com/index.php/blog/msg/110
Xuanwu Spider via Seebug

[ Popular Software ] Wordpress functions.php 主题文件后门分析： http://paper.seebug.org/140/
Xuanwu Spider via FreeBuf

[ Pentest ] 内网安全（一）：从一封钓鱼邮件开始: http://www.freebuf.com/articles/database/122591.html
Xuanwu Spider via 蒸米spark weibo

[ iOS ] 针对 iOS 9.3.4 及 iPad3,1 三叉戟漏洞的 exp 及 patch 源码： https://github.com/benjamin-42/Trident
Xuanwu Spider via 先知安全技术社区

[ Browser ] 初探 CSP Bypass： https://xianzhi.aliyun.com/forum/read/523.html

2016/12/13