腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/03/06

Florian Roth @cyb3rops

[ Attack ] The increased use of PowerShell in attacks | by @symantec @mylaocoon (PDF) Dec 2016 > good resource for blue teams… https://t.co/658i32eTtP

"基于 Powershell 的攻击方式总结，来自 symantec： https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf"
Exploitee.rs @Exploiteers

[ Attack ] Check out our newest blog post, Hacking the Western Digital MyCloud. Over 83 remote roots! #HackAllTheThings #0day https://t.co/5mBwouzpTZ

"攻击西部数码的 NAS（网络附加存储）设备： https://t.co/5mBwouzpTZ"
Binni Shah @binitamshah

[ Attack ] gargoyle : a memory scanning evasion technique for Windows : https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html , Github :… https://twitter.com/i/web/status/838286531513180160

" Gargoyle -- 杀毒软件通常会扫描内存查杀病毒，但基于性能考虑，通常只会扫描内存中的可执行内存块。Gargoyle 这项技术基于此，利用延迟过程调用 + ROP 的方法实现杀软检测的逃逸：︰ https://t.co/gBw5p8sLzw Github: https://github.com/JLospinoso/gargoyle"
SkelSec @SkelSec

[ Crypto ] #biterrant a practical example of backdooring binaries using #SHA1 #SHAttered collision using the #bittorrent proto… https://t.co/vlhKGY01wP

"前两周研究员发现了首例 SHA1 碰撞，如果 SHA1 的碰撞更加的可控，那会对 BitTorrent 协议造成什么影响？下载的文件区块（chunks ）将可被替换，藏个后门也是有可能的：： https://biterrant.io/"
Brendan Gregg @brendangregg

[ Linux ] Slides for my #scale15x talk Linux 4.x Tracing: Performance Analysis with bcc/BPF (eBPF) https://www.slideshare.net/brendangregg/linux-4x-tracing-performance-analysis-with-bccbpf

"Linux 4.x Tracing: 利用 bcc/BPF 进行性能分析： https://t.co/uOwi8oga1f"
Bart P @bartblaze

[ MalwareAnalysis ] Great slides by @ decalage2 on malicious macros - VBA Macros Pest Control: http://www.decalage.info/files/THC17_Lagadec_Macro_Pest_Control2.pdf (PDF)

"恶意 Macros 的攻与防︰ https://t.co/2whNCXhZH2 "
Dennis Yurichev @yurichev

[ Others ] Cracking Minesweeper with Z3 SMT solver https://yurichev.com/blog/minesweeper/

" 成为扫雷达人，利用 Z3 SMT solver 破解扫雷游戏： https://t.co/eIaPLR5eUc "
雪碧0xroot @cn0Xroot

[ Others ] Green Lights Forever: Analyzing the Security of Traffic Infrastructure [PDF] https://jhalderm.com/pub/papers/traffic-woot14.pdf https://t.co/Bk9vvfA2y8

"交通基础设施安全性分析: https://t.co/wR9DGbMw96 "
p4r4n0id @p4r4n0id_il

[ SecurityProduct ] bypassing-next-gen-av-for-fun-and-profit - oopppsssss https://lnkd.in/gBbwxgg

"以 Symantec Endpoint Protection 和 Cylance Protect 为例，绕过下一代的反病毒软件: https://t.co/tFSgaNXDqL"
Florian Roth @cyb3rops

[ Tools ] Thx to @ M_haggis for new and extended Windows Sysinternals #Sysmon Sigma rules https://github.com/Neo23x0/sigma/pull/6/files https://t.co/7xh3v3Uc6e

"Sigma -- 一套为日志管理/异常检测系统设计的新规则文件格式： https://github.com/Neo23x0/sigma"
Nicolas Krassas @Dinosn

[ Tools ] Lynis 2.4.4 - Security Auditing Tool for Unix/Linux Systems http://www.kitploit.com/2017/03/lynis-244-security-auditing-tool-for.html

"Lynis -- Unix/Linux 安全审计工具： https://t.co/OUHzEPFAax "
Roberto Rodriguez @Cyb3rWard0g

[ Tools ] Step-by-step. Building a #Sysmon Dashboard with an #ELKStack for #ThreatHunting and tuning Sysmon configs.@elastic… https://t.co/zcsascLT0L

"基于 ELK Stack 搭建一个 Sysmon 日志 Web 管理平台： https://cyberwardog.blogspot.com/2017/03/building-sysmon-dashboard-with-elk-stack.html"
Binni Shah @binitamshah

[ Tools ] AtomOS : A new hobby OS from “scratch” in C# (Monolithic Kernel based x86) : https://github.com/amaneureka/AtomOS https://t.co/nRSTxjHnMw

" Atom OS -- 用 C# 写的一个多任务内核（x86），主要目标是实现托管态的驱动以及更高级别的安全性︰ https://t.co/6k6rnwsjXL https://t.co/nRSTxjHnMw"
whitequark @whitequark

[ Tools ] I've released a new version of my Rust TCP/IP stack, now with TCP client support! https://github.com/m-labs/smoltcp

"smoltcp -- 一个独立的事件驱动型 TCP/IP 网络栈实现： https://t.co/TsReqTdfLf"
Nicolas Krassas @Dinosn

[ Tools ] Metasploit team released Metasploit Vulnerable Services Emulator http://securityaffairs.co/wordpress/56886/hacking/metasploit-vulnerable-services-emulator.html

"Rapid 7 发布 Metasploit 漏洞服务模拟器，供安全研究者模拟漏洞服务： https://t.co/A23Tflusvd"
雪碧0xroot @cn0Xroot

[ WirelessSecurity ] Smart Socket Hack Tutorial http://souliss.net/media/smart-socket-hack/ 来自 @ soulissteam

"Hacking Smart Sockets WiFi 智能插座： https://t.co/dE62hF8scP "

Xuanwu Spider via seebug

[ Popular Software ] Wordpress Username Enumeration：http://paper.seebug.org/239/
Xuanwu Spider via 先知社区

[ Others ] 互联网定位技术小谈：https://xianzhi.aliyun.com/forum/read/775.html
Xuanwu Spider via freebuf

[ SecurityReport ] 腾讯反病毒实验室：“敲诈者”黑产研究报告： http://www.freebuf.com/articles/terminal/128144.html
Xuanwu Spider via 腾讯开源

[ MalwareAnalysis ] 深度剖析APT28最新作品： http://mp.weixin.qq.com/s/ayvlNm6_ng93CwXx5dKtRQ
Xuanwu Spider via 蒸米spark's weibo

[ macOS ] macOS 10.12.2本地提权以及 XNU port 堆风水： https://jaq.alibaba.com/community/art/show?articleid=781 Github： https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher
Xuanwu Spider via Gitbub

[ Tools ] Event-Forwarding-Guidance -- 使用Windows事件转发收集安全日志的脚本与配置文件： https://github.com/iadgov/Event-Forwarding-Guidance
Xuanwu Spider via 看雪学院

[ SecurityProduct ] EPS文件利用如何逃逸 EMET： http://mp.weixin.qq.com/s/1KPWcJsELvtQlDSNXIilLg
Xuanwu Spider via seebug

[ Android ] 阴阳师：一个非酋的逆向旅程，这篇文章介绍的是网易手游《阴阳师》 Android APP 的逆向，主要是 assets/script.npk 文件解码的过程： http://paper.seebug.org/232/
Xuanwu Spider via Github

[ Tools ] Inspeckage - Android APP -- 动态分析工具，通过 Hook 关键 API 的方式，监控 Android APP 的行为： http://ac-pm.github.io/Inspeckage/
Xuanwu Spider via microsoft's blog

[ Tools ] 如何为 WinDbg 调试器写一个扩展： https://blogs.msdn.microsoft.com/sgajjela/2013/03/02/how-to-develop-windbg-extension-dll/
Xuanwu Spider via 易也技术

[ Virtualization ] 粗谈Intel GPU虚拟化的实现（GVT）： http://www.yiiyee.cn/Blog/vgpu-1/
Xuanwu Spider via seebug

[ Vulnerability ] WinDbg 漏洞分析调试（三）之 CVE-2014-6332： http://paper.seebug.org/240/

2017/03/06