腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/03/17

Abdulrhman Alqabandi @Qab

[ Browser ] CVE-2017-0042 - IE11 Local folder/file detection PoC - http://pastebin.com/raw/Eztknq4s - ft. @ shhnjk

"IE 11 探测本地文件的 PoC（CVE-2017-0042）： https://t.co/aD0xIBZ98W"
Zero Day Initiative @thezdi

[ Challenges ] The schedule for Day Two of #Pwn2Own has been published. We're running 2 tracks due to the number of entries. http://bit.ly/2muaXJy

"Pwn2Own 第二天的日程安排及战况： https://t.co/HhzmgJL1aO"
Zero Day Initiative @thezdi

[ Challenges ] The results of Day 1 of #Pwn2Own 2017 are in the books. 10 attempts total. See all the results at http://bit.ly/2ncZhPC. #P2O

"Pwn2Own 2017 第一天比赛回顾： https://t.co/3OOmkJn9Tk"
James Habben @JamesHabben

[ Forensics ] Followup blog to the CCM_RecentlyUsedApps tools. Property values, meanings, and analysis tips. #DFIR #infosec https://t.co/iqP07KjSPe

"WMI 数据库 CCM_RecentlyUsedApps Records 数据解析与取证分析： https://t.co/iqP07KjSPe"
Nicolas Krassas @Dinosn

[ macOS ] Playing with Mach-O binaries and dyld http://blog.lse.epita.fr/articles/82-playing-with-mach-os-and-dyld.html

"Playing with Mach-O binaries and dyld： https://t.co/ovXlrH3mxc"
Schneier Blog @schneierblog

[ Malware ] Using Intel's SGX to Attack Itself https://www.schneier.com/blog/archives/2017/03/using_intels_sg.html

"恶意软件防御拓展: 使用SGX隐藏缓存攻击： https://arxiv.org/pdf/1702.08719.pdf"
Arnaud Dlms @ArnaudDlms

[ MalwareAnalysis ] My latest article : Analyzing and Deobfuscating FlokiBot Banking Trojan http://adelmas.com/blog/flokibot.php #flokibot #malware

"FlokiBot 银行木马详细分析： https://t.co/QibSQQQu3k"
Axelle Ap. @cryptax

[ MalwareAnalysis ] Android/Ztorg downloaded sample has root exploits, tools & packages embedded in the source code as bin strings: https://t.co/jrXGN2kboJ

"解析 Android 恶意软件变种 Android/Ztorg.AM!tr ︰ http://blog.fortinet.com/2017/03/15/teardown-of-a-recent-variant-of-android-ztorg-part-1 ; part 2： https://blog.fortinet.com/2017/03/15/teardown-of-android-ztorg-part-2"
Joshua Franklin @thejoshpit

[ Mobile ] My talk at the #androidsecuritysymposium: Building Threat Models for the #Mobile Ecosystem http://jfranklin.me/prez/AndroidSecuritySymposium-2017.pdf #mobilesecurity #infosec

"移动生态系统威胁建模： https://t.co/nPbQopFGzY"
Nicolas Krassas @Dinosn

[ Others ] Samsung leaking customer information via insecure shipper https://medium.com/@ AlmostWhiteHat/samsung-leaking-customer-information-9b7e2dcb006d#.xpghkmvcd

"Samsung 在线购买平台的顾客信息泄露事件分析： https://t.co/KzYsRpy29u "
Chris Allen @bitemyapp

[ Programming ] Rust 1.16 released https://blog.rust-lang.org/2017/03/16/Rust-1.16.html

"Rust 1.16 正式发布： https://t.co/d0eXg0VOzL"
Nicolas Krassas @Dinosn

[ Tools ] SSLsplit - transparent SSL/TLS interception http://www.kitploit.com/2017/03/sslsplit-transparent-ssltls-interception.html

"SSLsplit -- SSL/TLS 拦截工具，用于对SSL/TLS加密网络实施中间人攻击： https://t.co/TXGkOP5ykY"
SensePost @sensepost

[ Tools ] A write-up of the new Linux-based single-board computer Universal Serial aBUSe port by @RoganDawes after @hackcon https://t.co/AclR4fS7r1

"USaBUSe - SensePost 研究员在 DEFCON 24 上公开的一个工具，类似 USB Rubber Ducky，目的是实现对目标主机网络的远程访问： https://t.co/AclR4fS7r1 Github： https://sensepost.com/blog/2017/usabuse-linux-updates/ "
Unicorn Engine @unicorn_engine

[ Tools ] Good news: Unicorn emulator now supports ARM in big-endian mode, available in latest code from our Github repo! https://t.co/c0Le6rRdkX

"Unicorn CPU 模拟器现在支持 ARM big-endian 了： https://t.co/c0Le6rRdkX"
Daniel Bilar @daniel_bilar

[ Virtualization ] #ndss Nexen: Sandbox Xen into least-priv internal domains by @ adriancolyer https://blog.acolyer.org/2017/03/16/deconstructing-xen/ [74% vul mit.; 1… https://t.co/BykA8x8NkQ

"Deconstructing Xen，作者研究了 Xen 公告列表中的 191 个漏洞，发现其中高达 144 个都影响核心 Hypervisor，于是作者从架构设计角度考虑如何避免这种大多数漏洞都影响内核(Core)的情况： https://t.co/iUTUP8J3wP "
Full Disclosure @SecLists

[ Vulnerability ] USB Pratirodh XML External Entity Injection Vulnerability https://goo.gl/fb/DYniQC #FullDisclosure

"USB Pratirodh XML 外部实体注入漏洞（CVE-2017-6895）： https://t.co/bzzp7aGtAB "
Sebas Guerrero ⚡ @0xroot

[ Web Security ] Rails SQL injection cheat sheet - https://rorsecurity.info/portfolio/ruby-on-rails-sql-injection-cheat-sheet

"Rails SQL 注入备忘： https://t.co/HdgJO5HzRm"
Nicolas Krassas @Dinosn

[ Windows ] Microsoft Windows 'LoadUvsTable()' Heap-based Buffer Overflow https://cxsecurity.com/issue/WLB-2017030152

"微软 Windows 'LoadUvsTable()' 堆缓冲区溢出（CVE-2016-7274）： https://t.co/YH68qlCKyK"

Xuanwu Spider via hub.docker.com

[ Fuzzing ] Docker 的镜像库里有人共享了一个 AFL Fuzz Docker Image，里面内置了 clang, qemu, afl-dyninst, TriforceAFL: https://hub.docker.com/r/moflow/afl-tools/
Xuanwu Spider via 安全客

[ Fuzzing ] Smarter Peach: Add Eyes to Peach Fuzzer： http://bobao.360.cn/news/detail/4036.html
Xuanwu Spider via freebuf

[ Industry News ] 美国52GB个人身份信息泄露：国防部、沃尔玛、花旗集团等都未能幸免： http://www.freebuf.com/news/129553.html
Xuanwu Spider via freebuf

[ IoTDevice ] 大众车机天宝187A Hack笔记： http://www.freebuf.com/geek/129160.html
Xuanwu Spider via exablue blog

[ Popular Software ] 通过一个序列化相关的漏洞实现 GitHub Enterprise 版本的远程代码执行： http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html
Xuanwu Spider via Github

[ Popular Software ] 阿里巴巴 fastjson 1.2.24 以及之前版本存在远程代码执行高危安全漏洞，请升级到1.2.28/1.2.29或者更新版本： https://github.com/alibaba/fastjson/wiki/security_update_20170315
Xuanwu Spider via weibo

[ Private ] 360 Gear Team 准备参加 PWN2OWN 2017 的 VMware 虚拟机逃逸漏洞在赛前被补了，视频演示： http://weibo.com/6053467553/EA4XVEoY5?from=page_1005056053467553_profile&wvr=6&mod=weibotime&type=comment
Xuanwu Spider via harmj0y 's blog

[ Windows ] Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy： http://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-localaccounttokenfilterpolicy/

2017/03/17