
Tencent Xuanwu Lab Security Daily News
-
[ Android ] SuperSU v2.79-SR1 released https://plus.google.com/+Chainfire/posts/WrCvex7KAZR
"SuperSU v2.79 release notes: https://t.co/6mMr4IaRv0"
-
[ Attack ] Shellcode embedded in a Windows shortcut (LNK) : https://www.phrozensoft.com/2016/12/shortcuts-as-entry-points-for-malware-poc-part-2-19
"Shortcuts as entry points for malware (Part 2): https://t.co/qIHLyStSDA Part 1: https://www.phrozensoft.com/2016/12/shortcuts-as-entry-points-for-malware-18"
-
[ Conference ] Slides #ZeroNights 2016 https://2016.zeronights.org/conference-materials/presentations/
"ZeroNights 2016 conference slides: https://t.co/aozWeupWbv"
-
[ iOS ] FYI, new Cydia Impactor and yalu JB beta2: https://yalu.qwertyoruiop.com https://twitter.com/saurik/status/811810095470288896
"Jailbreak tool for iPhone 7 on iOS 10.1: https://t.co/td9XMI6Egw https://t.co/1YigC5tR16"
-
[ iOS ] ipc_port_t reference count leak due to incorrect externalMethod overrides leads to OS X/iOS kernel UaF https://bugs.chromium.org/p/project-zero/issues/detail?id=930
"ipc_port_t reference count leak caused by incorrect externalMethod overrides leads to an OS X/iOS kernel UAF: https://t.co/rftQf0ZErW"
-
[ macOS ] MacOS kernel code execution due to writable privileged IOKit registry properties https://bugs.chromium.org/p/project-zero/issues/detail?id=974
"Writable privileged IOKit registry properties can lead to macOS kernel code execution (CVE-2016-7617): https://t.co/b1kgo4CgFu"
-
[ macOS ] MacOS/iOS arbitrary port replacement in syslogd https://bugs.chromium.org/p/project-zero/issues/detail?id=977
"Arbitrary port replacement in the macOS/iOS syslogd service (CVE-2016-7660): https://t.co/vwFeUN8uqp"
-
[ MalwareAnalysis ] No slowdown in Cerber ransomware activity as 2016 draws to a close https://blogs.technet.microsoft.com/mmpc/2016/12/21/no-slowdown-in-cerber-ransomware-activity-as-2016-draws-to-a-close/
"Analysis of Cerber ransomware activity, which shows no slowdown as the year ends: https://t.co/khRv7L9mpE"
-
[ MalwareAnalysis ] Tofsee Spambot features .ch DGA - Reversal and Countermeasures: https://www.govcert.admin.ch/blog/26/tofsee-spambot-features-.ch-dga-reversal-and-countermesaures https://t.co/wMWQ0z3GgI
"Tofsee malware analysis: https://t.co/Ftj3N6BdKg https://t.co/wMWQ0z3GgI"
-
[ MalwareAnalysis ] Malware Analysis - Full Analysis of Fleercivet (Part 3) https://youtu.be/-ksS8a34bIk
"Full analysis of the Fleercivet malware (Part 3): https://t.co/3xnub4Pk1p"
-
[ Operating System ] seL4 (security enhanced L4 with formal verification and capabilities) 4.0.0 released, now with x86-64 support: https://t.co/udmet26ZKB
"seL4 microkernel 4.0.0 released: https://t.co/udmet26ZKB"
-
[ Operating System ] [local] - IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation https://www.exploit-db.com/exploits/40950/
"IBM AIX 6.1/7.1/7.2 'Bellmail' privilege escalation (CVE-2016-8972): https://t.co/6YpMug5muB"
-
[ Others ] @FuzzySec all exploits are also on GitHub now - https://github.com/FuzzySecurity/HackSysTeam-PSKernelPwn
"FuzzySecurity's HEVD (HackSys Extreme Vulnerable Driver) exploit code and tutorials: https://t.co/z80yBsHSxJ"
-
[ Others ] double vm_deallocate in userspace MIG code can lead to UaF in mach services https://bugs.chromium.org/p/project-zero/issues/detail?id=954
"UAF caused by a double vm_deallocate in user-space MIG code: https://t.co/v6K5ofEy1K"
-
[ Virtualization ] Linux Container Internals : http://docker-saigon.github.io/post/Docker-Internals/
"Docker Internals: https://t.co/fY7OwsUla4"
-
[ Popular Software ] Analysis of the Joomla privilege escalation vulnerability (CVE-2016-9838): http://docs.ioin.in/writeup/paper.seebug.org/_152_/index.html
-
[ Browser ] Starting with version 48 a few months ago, Firefox began rolling out its multi-process mode to a small share of users as a staged test, and with the current 50 and 51 releases the coverage is expanding step by step. In parallel, starting with version 50, Firefox has also begun introducing sandbox protection, beginning with the Windows build: https://blog.mozilla.org/futurereleases/2016/12/21/update-on-multi-process-firefox/