腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/03/19

Scott Bauer @ScottyBauer1

[ Android ] https://goo.gl/hLE4JO PoCs for Android Vulns: CVE-2017-0451 CVE-2017-0504 CVE-2017-0516 CVE-2017-0518 CVE-2017-0519 CVE-2017-0521

"Scott Bauer 公布了 5 个 Android 内核漏洞的 PoC（CVE-2017-0451/CVE-2017-0504/CVE-2017-0516/CVE-2017-0518/CVE-2017-0521）： https://t.co/7UhKxTIVC9 "
NotSoSecure @notsosecure

[ Android ] New #NotSoSecure blog: Pentesting Android Apps With FRIDA https://www.notsosecure.com/pentesting-android-apps-using-frida/

"使用 Frida 对 Android 应用进行渗透测试： https://t.co/nDF4rQl9ZI"
Mobile Security @m0bile_security

[ Android ] #Nexus6P/#Nexus running #Nougat pwned with a complete #exploit chain #mobilesecurity #androidsecurity #CSW2017 https://t.co/lalTTJvpz3

"Pwn2Own Mobile 2016 比赛中，我们是如何 PWN 掉运行 Android Nougat 的 Nexus6P/Pixel 手机的，来自 CanSecWest 2017 大会腾讯 keen lab： https://t.co/lalTTJvpz3"
Binni Shah @binitamshah

[ Browser ] Bad SSL : https://badssl.com/

"用于检测浏览器对 SSL 加密套件支持情况的一个网站: https://t.co/mf2rL1FwGH"
Francisco Alonso @revskills

[ Conference ] CanSecWest 2017 slides https://www.slideshare.net/mobile/CanSecWest

"CanSecWest 2017 大会议题幻灯片发出： https://t.co/4qTd4ht9ub"
Santosh Nagarakatte @santoshgnag

[ Fuzzing ] Fuzzing the OpenSSH daemon using AFL. http://vegardno.blogspot.fr/2017/03/fuzzing-openssh-daemon-using-afl.html

"如何 fuzz OpenSSH daemon（sshd）： https://t.co/eJfNvHrJCj"
Nicolas Krassas @Dinosn

[ Industry News ] McDonalds India is leaking 2.2 million users data https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8#.waev8il90

"麦当劳印度区域网上订餐 app 泄漏 220 万用户数据，包括用户名、手机号、地址等个人信息： https://t.co/7UQWF03woP"
Binni Shah @binitamshah

[ IoTDevice ] Wiretapping End-to-End Encrypted VoIP Calls : Real-World Attacks on ZRTP : https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf (pdf) https://t.co/JGnaxphbIT

"窃听端到端加密 VoIP 呼叫之攻击现实世界中的 ZRTP 协议 : https://t.co/Tmk4LS26df "
Binni Shah @binitamshah

[ MachineLearning ] Building Safe AI : A Tutorial on Encrypted Deep Learning : https://iamtrask.github.io/2017/03/17/safe-ai/ cc @ iamtrask

"构建安全 AI 教程之加密的深度学习︰ https://t.co/7bsB0SrA3w "
Binni Shah @binitamshah

[ Others ] Escaping from Restricted Shell and Gaining Root Access to SolarWinds Log & Event Manager (SIEM) Product:… https://twitter.com/i/web/status/843135215916654592

"意外之旅 4 之 SIEM（SolarWinds Log＆Event Management）漏洞挖掘: 从受限的 Shell 中逃逸并提升至 root 权限： https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/"
Binni Shah @binitamshah

[ Popular Software ] mysql-unsha1 : Authenticate against a MySQL server without knowing the cleartext password : https://github.com/cyrus-and/mysql-unsha1 cc @ cyrus_and

"mysql-unsha1: 在不知道 MySQL 明文密码的情况下绕过认证︰ https://t.co/y7Rl1L45jL "
Nicolas Krassas @Dinosn

[ Protocol ] Cisco IOS Remote Code Execution Vulnerability -> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp, (Sat, Mar 18th) https://isc.sans.edu/diary/Cisco%2BIOS%2BRemote%2BCode%2BExecution%2BVulnerability%2B-%3E%2Bhttps%3Atools.cisco.comsecuritycentercontentCiscoSecurityAdvisorycisco-sa-20170317-cmp/22195

" Cisco IOS 和 IOS XE 软件群集管理协议存在远程代码执行漏洞（CVE-2017-3881）： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
Ulf Frisk @UlfFrisk

[ Vulnerability ] DMA into SMM on high-end servers using #PCILeech. Interesting #CanSecWest prez https://www.slideshare.net/CanSecWest/privilege-escalation-on-highend-servers-due-to-implementation-gaps-in-cpu-hotadd-flow

"滥用 Intel Hot-Add（无需断电，热插拔）特性的漏洞实现数据中心服务器的提权，来自 CanSecWest 2017 会议： https://t.co/tQiQ4wNRG9"
Binni Shah @binitamshah

[ Web Security ] XSSJacking : Abusing Self-XSS and Clickjacking to trigger XSS : https://github.com/dxa4481/XSSJacking

"XSSJacking 之结合点击劫持与 Self-XSS 以触发 XSS 攻击示例： https://t.co/hlggFj81V4"
iarce @4Dgifts

[ Windows ] "Win2k Dark Composition: Attacking the Shadow part of Graphic subsystem" @pgboy & @zhong_sf CanSecWest 2017 slides https://t.co/rjiEah2S5p

"Win32k 位图合成（Direct Composition）的攻击界面、漏洞挖掘和利用，来自 CanSecWest 2017 大会 360 vulcan 团队: https://t.co/rjiEah2S5p"
Jason Fossen @JasonFossen

[ Windows ] Detecting and Preventing PowerShell Downgrade Attacks, by @ Lee_Holmes (#infosec #cybersecurity): http://www.leeholmes.com/blog/2017/03/17/detecting-and-preventing-powershell-downgrade-attacks/

"PowerShell 降级攻击的检测与防御: https://t.co/E1EtWmap6w"
Full Disclosure @SecLists

[ Windows ] TS Session Hijacking / Privilege escalation all windows versions https://goo.gl/fb/fOnij0 #FullDisclosure

"多用户环境下，Windows 本地管理员可以劫持其他用户的 Terminal Services Session： https://t.co/UPUdgwCHQY"
Nicolas Krassas @Dinosn

[ WirelessSecurity ] SYSTEM-level Persistence via Intel PROSet Wireless RpcRtRemote.dll Backdoor http://x42.obscurechannel.com/?p=378

"Intel PROSet Wireless 软件包存在一个 DLL 劫持漏洞，通过 RpcRtRemote.dll 可以实现一个 SYSTEM 权限的常驻攻击： https://t.co/hO0zOGLNQF "
Pralhad Chaskar‏ @c0d3xpl0it

[ WirelessSecurity ] Enterprise WIFI Hacking with Hostapd-WPE https://goo.gl/gC3tk4 #WiFi #Hacking #Hostapd-wpe

" 利用 Hostapd-WPE 渗透企业无线网络: https://t.co/mKs3na9IBE"

2017/03/19