腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/01/18

Mobile Security @Mobile_Sec

[ Android ] Samsung Mobile January 2017 Security Updates: http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017

"Samsung Android 2 月安全更新︰ https://t.co/nNK1MSn2mj"
Casey Smith @subTee

[ Attack ] [Blog Post] Attacking Drivers With MSBuild.exe http://subt0x10.blogspot.com/2017/01/attacking-drivers-with-msbuildexe.html Exploit driver vulns with C# and a trusted MS binary Feedback Welcome

"利用 MSBuild.exe 攻击驱动： https://t.co/kHfKDb1j2F"
Forcepoint Labs @ForcepointLabs

[ Industry News ] Carbanak Group uses Google for #Malware Command-and-Control http://fc-pt.com/2jtAQLU https://t.co/QKv9pB9lvp

"Carbanak 犯罪团伙利用 Google 作为 C&C 服务器： https://t.co/vHMfdJ8UhR https://t.co/QKv9pB9lvp"
Tarjei Mandt @kernelpool

[ iOS ] The "Demystifying the Secure Enclave Processor" white paper (software edition) on SEPOS and friends: http://mista.nu/research/sep-paper.pdf

"解密 Apple SEP ︰ https://t.co/9nYa5QXCRF"
Andrea Barisani @AndreaBarisani

[ Linux ] Debian 9 Installer RC 1 release includes support for the USB armory: https://www.debian.org/devel/debian-installer/News/2017/20170115

"Debian 9 Installer RC 1 发布︰ https://t.co/0EHEJmAkLX"
r.p. nakamoto @NAKsecurity

[ Mobile ] .@ Qualcomm Secure Boot & Image Authentication - in detail. Blog: https://www.qualcomm.com/news/onq/2017/01/17/secure-boot-and-image-authentication-mobile-tech, FULL WHITEPAPER: https://t.co/afbnevJtsP

"高通 Secure Boot 及 Image Authentication 技术总览（PDF）︰ https://t.co/afbnevJtsP"
Hossein Lotfi @hosselot

[ Mobile ] PoC and details of CVE-2016-3873: Arbitrary Kernel Write in Nexus 9: https://sagi.io/2016/09/cve-2016-3873-arbitrary-kernel-write-in-nexus-9/

"Nexus 9 任意内核写漏洞细节（CVE-2016-3873）: https://t.co/xIimBl4iYp"
Nicolas Krassas @Dinosn

[ Others ] Graftor Variant Leveraging Signed Microsoft Executable https://blog.cylance.com/graftor-variant-leveraging-signed-microsoft-executable

"利用 Microsoft 签名文件作跳板的 Graftor 变体分析： https://t.co/67oi3wApAY"
Will @harmj0y

[ Others ] [Blog] Roasting AS-REPs http://www.harmj0y.net/blog/activedirectory/roasting-as-reps/ how to abuse accounts w/o Kerberos preauth enabled, basic toolset at https://t.co/GByuqww8lu

"Roasting AS-REPs： https://t.co/FX81nGmepn Github： https://t.co/GByuqww8lu"
Wolfgang Weigend @wolflook

[ Others ] Upcoming Java critical patch update contains 17 new security fixes for Oracle #Java SE http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html will be released 17. JAN 2017

"Oracle 发布 1 月重要补丁更新： https://t.co/hOqJApjpOy "
Nicolas Krassas @Dinosn

[ Others ] Facebook's Imagetragick remote code execution http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html

"Fackbook 的 ImageTragick 远程代码执行漏洞分析： https://t.co/sj6HKVyZVD"
Nicolas Krassas @Dinosn

[ Pentest ] Hardware hacking + Red Team = Meraki RCE: When Red Team and Vulnerability Research fell in love. Part 1 https://research.trust.salesforce.com/Meraki-RCE-When-Red-Team-and-Vulnerability-Research-fell-in-love.-Part-1/

"Meraki 网络设备 RCE 与渗透测试： https://t.co/0OVvaCeNSM"
floyd @floyd_ch

[ Tools ] I just released three @ Burp_Suite plugins: https://github.com/floyd-fuh/burp-Collect500 https://github.com/floyd-fuh/burp-ResponseClusterer https://github.com/floyd-fuh/burp-HttpFuzzer

"三个 Burp Suite 插件︰（收集 HTTP 状态码响应包） https://t.co/TZ8Sy29zCF ( HTTP 响应包统计工具) https://t.co/QlS4ipyG1C （ HTTP Fuzz 插件） https://t.co/JtugkjzvZZ"
Keystone Engine @keystone_engine

[ Tools ] We are happy to release Keypatch v2.1 with a new function to search for ROP gadgets in assembly! Please RT… https://t.co/9A2gXSkfZj

"IDA Pro 插件 Keypatch v2.1 版发布，支持搜索 ROP gadget： https://t.co/9A2gXSkfZj"
Dimitrios Margaritis @dmargaritis

[ Tools ] Presentation on Sysmon Deployment with detection examples including Sysmon v5 features http://securitylogs.org/

"关于 Sysmon 和 Sysmon 日志分析的网站： https://t.co/CE9M3DfpAi"
Nicolas Krassas @Dinosn

[ Vulnerability ] PHP LibGD Heap Buffer Overflow https://cxsecurity.com/issue/WLB-2017010111

"PHP GD 库堆缓冲区溢出（CVE-2016-3074）： https://t.co/UHtYgulc2b"

Xuanwu Spider via 安天安全研究与应急处理中心

[ SecurityReport ] 方程式组织Drug攻击平台初步解析—方程式组织系列分析报告之四： http://www.antiy.com/response/EQUATION_DRUG/EQUATION_DRUG.html
Xuanwu Spider via Github

[ Others ] 教你如何正確的提出技術問題並獲得你滿意的答案： https://github.com/ryanhanwu/How-To-Ask-Questions-The-Smart-Way
Xuanwu Spider via 网络安全研究国际学术论坛

[ Browser ] 基于内存漏洞的互联网与本地系统的跨界攻击: The “Web/Local” Boundary Is Fuzzy: https://www.inforsec.org/wp/?p=1741#more-1741
Xuanwu Spider via project zero

[ Android ] Android TSP sysfs "cmd_store" 多处溢出漏洞： https://bugs.chromium.org/p/project-zero/issues/detail?id=967
Xuanwu Spider via project zero

[ Android ] Android: "fps" sysfs entry 缓冲区溢出漏洞： https://bugs.chromium.org/p/project-zero/issues/detail?id=969
Xuanwu Spider via Github

[ Tools ] WSL-Distribution-Switcher - 用于在 Windows 10 中切换多个 Linux 版本的工具： https://github.com/RoliSoft/WSL-Distribution-Switcher
Xuanwu Spider via chromium

[ Browser ] 在 Chrome 浏览器中，http-equiv 中的特殊非 ASCII 字符可能被当成正确的字符解析： https://bugs.chromium.org/p/chromium/issues/detail?id=678150
Xuanwu Spider via project zero

[ Android ] Android sec_ts touchscreen sysfs 接口存在一个条件竞争漏洞： https://bugs.chromium.org/p/project-zero/issues/detail?id=968
Xuanwu Spider via Positive 's blog

[ Others ] 上周推送过一篇《基于 Intel DCI 接口的硬件后门（Slides），可通过 USB 3.0 访问 JTAG 调试接口》，昨天 Positive 研究团队又发了一篇相关的 Blog： http://blog.ptsecurity.com/2017/01/intel-debugger-interface-open-to.html
Xuanwu Spider via twitter

[ Private ] 今年的 PWN2OWN 目标可能会比去年多： https://twitter.com/dragosr/status/821476984194670592

2017/01/18