腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/12/29

Eduardo Vela @sirdarckcat

[ Browser ] How to bypass CSP nonces with DOM XSS ? http://sirdarckcat.blogspot.com/2016/12/how-to-bypass-csp-nonces-with-dom-xss.html

"如何利用 DOM XSS 绕过 CSP nonces： https://t.co/iH4tHievpi"
Alex Matrosov @matrosov

[ Conference ] Great talks about UEFI security from #33c3: "Bootstraping a slightly more secure laptop" and "Tapping into the core" https://media.ccc.de/c/33c3

"33C3 2016 大会议题视频集： https://t.co/1Bp6IkfCsV"
Chris Gerlinsky @akacastor

[ Hardware ] Slides from "How Do I Crack Satellite and Cable Pay TV?" at #33c3: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/system/event_attachments/attachments/000/003/101/original/33C3_-_How_Do_I_Crack_Satellite_and_Cable_Pay_TV_slides.pdf (29MB PDF) https://t.co/BN2jsEf2zI

"如何破解卫星和付费电视，来自 33c3 大会议题︰ https://t.co/WG67bJUKht "
Casey Smith @subTee

[ Hardware ] Here's an interesting older vulnerable signed driver. https://github.com/subTee/DriveCrypt Allows you to load Unsigned Drivers.… https://twitter.com/i/web/status/814127098159919104

"借助 DriverCrypt 驱动的老漏洞，在 Win7 X64 系统加载未签名的驱动： https://t.co/5qVSUOY5IO"
Martijn Grooten @martijn_grooten

[ Industry News ] Good news for governments around the world: Firefox for XP will continue to receive updates until September 2017. https://t.co/Djav2n7Trd

"Mozilla 将继续对 Windows XP 和 Vista 上的 Firefox 提供更新： https://t.co/Djav2n7Trd"
Threatpost @threatpost

[ Malware ] #Android Trojan #Switcher infects routers via DNS hijacking - http://bit.ly/2ih5gR3 https://t.co/7yVUKbYwQH

"Android 木马 Switcher 通过 DNS 劫持来感染路由器，中国已有上千个无线网络被感染： https://threatpost.com/android-trojan-switcher-infects-routers-via-dns-hijacking/122779/ 详细分析： https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/"
Binni Shah @binitamshah

[ MalwareAnalysis ] Shortcuts : Another neat phishing trick : https://d.uijn.nl/2016/12/28/shortcuts-another-neat-phishing-trick/

"钓鱼新姿势：利用快捷方式︰ https://t.co/C8Xytydmup"
Yannayl @Yannayli

[ Others ] Detailed write up about three vulnerabilities I found in PHP (5&7) unserialize (PDF) http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

"CHECK POINT 披露了其发现的三个 PHP 漏洞细节（CVE-2016-7478、CVE-2016-7479、 CVE-2016-7480）： https://t.co/Fssw4v2cry"
plutoo @qlutoo

[ ReverseEngineering ] Awesome presentation @ derrekr6 @ naehrwert @ NedWilliamson! :) Putting up my old wiiu notes https://github.com/plutooo/wiiu

"任天堂 Wii U 逆向纪要： https://t.co/ppto875Fc7"
TrendLabs @TrendLabs

[ SecurityReport ] A series of unexpected incidents made 2016 an interesting year for #cybersecurity. Recap: http://bit.ly/2gWkCWB https://t.co/bO2nbESQ6H

"通过 10 件网络安全大事件，TrendMicro 带你回顾即将过去的 2016 年︰ https://t.co/iz52PZvrr9 https://t.co/bO2nbESQ6H"
TrustedSec @TrustedSec

[ Tools ] New version of PenTesters Framework (PTF) v1.11 New: InSpy, GoBuster, WSO, bug fixes, and more. http://github.com/trustedsec/ptf #TrustedSec

"来自 TrustSec 的渗透测试框架 PTF 发布新版本了： https://t.co/2MbKumcPg5"
HackSys Team @HackSysTeam

[ Tools ] I open sourced my Enhanced Meta File (Partial EMF+ & EMFSPOOL) Fuzzer based on Peach Fuzzing Framework https://github.com/payatu/EMFFuzzer

"基于 Peach Fuzzing 框架的升级版 META 文件 Fuzzer： https://t.co/mX585klAXT"
reddit 보안 봇 @reddit_sec_bot

[ Web Security ] Covert persistence in Express.js applications https://medium.com/@ micaksica/covert-persistence-in-express-js-applications-1054f8e55e61

"在 Express.js 应用中实现持久化控制： https://t.co/WFlcOZqaEL"
Binni Shah @binitamshah

[ Web Security ] SQL Attack (Constraint-based) : https://dhavalkapil.com/blogs/SQL-Attack-Constraint-Based/

"SQL 注入攻击技巧：对数据长度限制加以利用︰ https://t.co/CxYLqAhUT2"
Binni Shah @binitamshah

[ Windows ] Windows X86 System Call Table (NT/2000/XP/2003/Vista/2008/7/8/10) : http://j00ru.vexillium.org/ntapi/ cc @ j00ru

"Windows X86 系统调用表 (NT/2000/XP/2003/Vista/2008/7/8/10): https://t.co/dBV90Gknas "
Mathy Vanhoef @vanhoefm

[ WirelessSecurity ] Slides of my #33c3 talk "Predicting and Abusing WPA2/802.11 Group Keys" http://www.slideshare.net/vanhoefm/predicting-and-abusing-wpa280211-group-keys PDF slides at https://t.co/Wtn3XVyCBB

"预测和滥用 WPA2 / 802.11 组密钥： https://t.co/Wtn3XVyCBB"

Xuanwu Spider via Fulldisclosure

[ Popular Software ] PHPMailer < 5.2.20 RCE 漏洞补丁绕过（CVE-2016-10045）： http://seclists.org/fulldisclosure/2016/Dec/81
Xuanwu Spider via Evi1cg's blog

[ Pentest ] Hack With XSLT： http://evi1cg.me/archives/Hack_With_XSLT.html
Xuanwu Spider via project-zero

[ Android ] 三星 TrustZone tlc_server LOAD_TUI_RESOURCE command 堆溢出漏洞： https://bugs.chromium.org/p/project-zero/issues/detail?id=957
Xuanwu Spider via fail0verflow

[ IoTDevice ] 研究员 fail0verflow 在 33c3 会议的演讲，关于如何 Pwn 索尼 PS4： https://fail0verflow.com/media/33c3-slides/#/3
Xuanwu Spider via GitHub

[ Others ] Intel CPU 安全特性总结： https://github.com/huku-/research/wiki/Intel-CPU-security-features
Xuanwu Spider via seebug

[ Popular Software ] PHP escapeshellarg()+escapeshellcmd() 之殇： http://paper.seebug.org/164/

2016/12/29