腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/03/14

Android Developers @AndroidDev

[ Android ] Learn about what @ Google's been doing to protect #Android users from malicious apps: https://goo.gl/paqlJl

"Android 官方开发者 Blog 通报了一款 Chamois Botnet 恶意软件（家族）︰ https://t.co/VtOSHuiySo"
Michael Helwig @c0dmtr1x

[ Android ] Wrote a thing about hacking Android apps with Frida (@fridaotre) and a quick glance on r2frida for @radare2: https://t.co/52BChR3kls

"利用 FRIDA 框架 hack Android 应用: https://t.co/52BChR3kls"
Mobile Security @m0bile_security

[ Android ] Hooking and Patching #Android Apps Using #Xposed Framework #androidsecurity #mobilesecurity #ReverseEngineering https://t.co/ButOCVvPjb

"使用 Xposed 框架 Hooking 及 Patching Android 应用： https://t.co/ButOCVvPjb"
Yury Zhauniarovich @zyrikby

[ Android ] Releasing data related to the evolution of the Android permissions work https://github.com/zyrikby/android_permission_evolution as promised at #AndroidSecuritySymposium

" Android 权限演变分析： https://t.co/Zh4H9a8JYu "
Binni Shah @binitamshah

[ Android ] Android Internals : http://newandroidbook.com/ Download : http://newandroidbook.com/AIvI-M-RL1.pdf (pdf) Author Cr : @ Morpheus______

"《Android Internals: A Confectioner's Cookbook》的作者看到 CIA 泄露的资料里有一本旧版他的书，他说他既不能告 CIA 侵权，也不能告 Wikileaks，所以干脆最新版也直接免费下载了︰ https://t.co/iaxH5XSwyo pdf下载︰ https://t.co/Re0udwyd8d "
Binni Shah @binitamshah

[ Browser ] WebKit JS exploit used for iOS 9.3.3 jailbreak / Nintendo Switch(CVE-2016-4657/Demo): https://www.youtube.com/watch?v=xkdPjbaLngE , PoC: https://github.com/LiveOverflow/lo_nintendoswitch/blob/master/poc1.html

"任天堂 Switch 和 iOS 9.3 共同点在哪里？一起走进 CVE-2016-4657: https://t.co/J2tgiraDPW PoC: https://t.co/ZkUXltO40r"
Sarah Edwards @iamevltwin

[ iOS ] Pincodes, Passcodes, & TouchID on iOS - An Intro to the Aggregate Dictionary DB (ADDataStore.sqlite) https://t.co/VCdUVAfAI6 #mac4n6 #DFIR

"Apple 称 iPhone 的指纹解锁平均每天使用 80 次，这个数据怎么得到的呢？本地有数据库保存这个了？： https://t.co/VCdUVAfAI6 "
Bo0oM @i_bo0om

[ Others ] Telegram mass hack on PHDays https://bo0om.ru/telegram-love-phdays-en https://redd.it/5z4pk1 #Blog #Telegram #CRLF #Phishing

"Hacking telegram.me： https://t.co/Sxe7p28sFK "
Daniel Bohannon @danielhbohannon

[ Others ] New PS Obfuscation Blog Post :: PowerShell Execution Argument Obfuscation (& How It Can Make Detection Easier!) https://t.co/ue42Wa9uV9

" Powershell 混淆传参： https://t.co/ue42Wa9uV9"
McAfee Labs @McAfee_Labs

[ Others ] Our analysis of CVE-2017-3731 details how truncated packets can cause denial of service in OpenSSL:… https://t.co/LBZlwmfTUM

"针对 CVE-2017-3731 的分析： https://t.co/LBZlwmfTUM"
Brian Beaudry @sizzop

[ Others ] Finally finished a short update to my Kernel Hacking series. Includes SMEP bypass on Win8.1: https://sizzop.github.io/2016/09/13/kernel-hacking-with-hevd-part-5.html /cc @ HackSysTeam

"HEVD 内核攻击 part 5 -- 绕过SMEP保护: https://t.co/j1hDwhU7n8 "
Adrian Rueegsegger @Kensan42

[ Others ] Mirage/Solo5 unikernel running on Muen serving project website https://muen.sk/ #MirageOS https://t.co/YKEfLqTujo

"Muen -- 瑞士 HSR 大学网络解决方案研究所开发的一个高可用的微内核实现（Micro Kernel ）： https://t.co/UePBFPaYM7 "
G DATA ADAN @gdata_adan

[ Others ] New blog post: Zeus Panda Webinjects pt.2 - Don't trust your eyes https://cyber.wtf/2017/03/13/zeus-panda-webinjects-dont-trust-your-eyes/

"Zeus Panda Webinjects ： https://t.co/yof0b3yvCo"
Roberto Rodriguez @Cyb3rWard0g

[ Others ] Hunting for In-Memory #Mimikatz with #Sysmon and #ELKStack - Part I (Event ID 7). #ThreatHunting #dfir… https://t.co/RqUpawYlkX

"利用 Sysmon 和 ELK 日志分析平台检测内存的 Mimikatz： https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html"
Nicolas Krassas @Dinosn

[ Others ] Critical vulnerability in JSON Web Encryption (#JWE) - RFC 7516 Invalid Curve Attack http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html

" JSON Web Encryption (JWE) 出现严重漏洞，导致发送方可恢复接收方的私钥： https://t.co/l4EQ3yN64p"
Brett Buerhaus @bbuerhaus

[ Popular Software ] How @ nahamsec and I got Remote Code Execution on @ Airbnb with Ruby on Rails String Interpolation http://buer.haus/?p=410

"Airbnb -- Ruby on Rails 字符串处理不当导致远程代码执行漏洞： https://t.co/DbateL5XXc "
Ioannis Kakavas @ilektrojohn

[ Popular Software ] I posted the (long) writeup of the SAML vulnerabilities in Github Enterprise that allowed for authentication bypass: https://t.co/6i8C5QoTeZ

"Github 企业版 SAML 认证绕过漏洞分析︰ https://t.co/6i8C5QoTeZ"
Yuu Arai @yarai1978

[ Tools ] Windows API tracer with @ unicorn_engine https://github.com/icchy/unitracer

"unitracer -- 针对恶意软件调用 Windows API 的跟踪工具： https://t.co/OfKEQ2NsVo"
Capstone Engine @capstone_engine

[ Tools ] MacKextDump is a new tool to dump kernel extension information from MacOS kernel cache. #CapstoneInside https://t.co/LRHPiJBTe3

"mackextdump -- 从 Macos 中转储 Kext 信息的工具: https://t.co/LRHPiJBTe3"
Nicolas Krassas @Dinosn

[ Web Security ] CSRF Tutorial For Begineers in DVWA http://www.hackingarticles.in/csrf-tutorial-begineers-dvwa/

"针对新手的 DVWA CSRF漏洞利用教程： https://t.co/axgj82Etez "
Binni Shah @binitamshah

[ Windows ] Recovering BitLocker Keys on Windows 8.1 and 10 : https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/ cc @ triblchkn

"在 Windows 8.1/10 上恢复 BitLocker Keys: https://t.co/pS3rnBxsVr "
Dave dwizzzle Weston @dwizzzleMSFT

[ Windows ] What’s new in the Windows Defender ATP Creators Update preview | Microsoft Secure Blog https://blogs.microsoft.com/microsoftsecure/2017/03/13/whats-new-in-the-windows-defender-atp-creators-update-preview/

"创作者预览版（Creators Update preview）的 Windows Defender ATP 有哪些变化： https://t.co/WqtIkNId9n"
Casey Smith @subTee

[ Windows ] Extend Windows Script Host via Registration-Free COM http://subt0x10.blogspot.com/2017/03/extend-windows-script-host-via.html Lots more for me to learn, but this is a start Feedback Welcome

"利用 Registration-Free COM 扩展 Windows Script Host 的功能： https://t.co/s9PSYrdQo7 "
maldevel ☣ @maldevel

[ Windows ] Adventures with Windows IoT Core Kernel debugging. https://tribalchicken.io/adventures-with-windows-iot-core-kernel-debugging/

"Windows IoT Core Kernel debugging 大冒险： https://t.co/T3NlyacMGH"
Morten Schenk @Blomster81

[ Windows ] Third post in my series on Windows kernel shellcode on Windows 10 https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-3

"Morten Schenk 第三篇关于内核 Shellcode 提权的 Blog： https://t.co/W2vGQyT5jY"
雪碧0xroot @cn0Xroot

[ WirelessSecurity ] DVB-T implementation in GNUradio part 1 http://yo3iiu.ro/blog/?p=1191 part 2 http://yo3iiu.ro/blog/?p=1220 part 3… https://twitter.com/i/web/status/841175641747726336

"GNUradio 中 DVB-T 的实现 part 1： https://t.co/E04qtYEpij part 2： https://t.co/TFRGr8K3pT part 3： https://t.co/56lXlApAYf"
雪碧0xroot @cn0Xroot

[ WirelessSecurity ] Updating #HackRF Firmware https://github.com/mossmann/hackrf/wiki/Updating-Firmware and install Spectrum Analyzer GUI for hackrf_sweep on Windows… https://twitter.com/i/web/status/841200425651044352

"HackRF 设备固件更新教程： https://t.co/JJdTz8nIO4 "

Xuanwu Spider via Flanker_017's 微博

[ Android ] 来自 Flanker_017 的微博， NewAndroidBook 的作者还有两份不错的 Android 学习资料，《Binder 架构深入浅出》： http://newandroidbook.com/files/Andevcon-Binder.pdf 《Android 安全综述》： http://weibo.com/fav?leftnav=1
Xuanwu Spider via seebug

[ Fuzzing ] 在Linux上使用AFL对Stagefright进行模糊测试： http://paper.seebug.org/245/
Xuanwu Spider via 宅客频道

[ Industry News ] 信息泄露，那些央视没报的“内鬼"： http://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654324482&idx=1&sn=b982448b9246c8339f714480b104639c
Xuanwu Spider via freebuf

[ SecurityReport ] 安天发布2016移动安全年报：威胁的全面迁徙： http://www.freebuf.com/articles/terminal/128999.html
Xuanwu Spider via ctftools.com

[ Tools ] CTF资源库|CTF工具下载： https://www.ctftools.com/down/
Xuanwu Spider via E安全

[ Tools ] 部分CIA的漏洞利用工具介绍： http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=2655295037&idx=1&sn=a237e5d69d3d642c699f76ea5d31c3e7

2017/03/14