腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/03/24

Matt Miller @epakskape

[ Browser ] Great attack surface reduction for the Microsoft Edge sandbox in the upcoming Creators Update https://twitter.com/MSEdgeDev/status/844957192818110464

"微软发了一篇新 Blog，谈即将发布的 Windows 10 Creators 中 Edge 沙箱所做的防御改进措施： https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/ "
Binni Shah @binitamshah

[ Linux ] Writing a Linux Debugger (Part 1) - Setup : http://blog.tartanllama.xyz/c++/2017/03/21/writing-a-linux-debugger-setup/

"来写一个 Linux Debugger part 1︰ https://t.co/zKuqvBJ7Bw"
Threatpost @threatpost

[ MalwareAnalysis ] #Malware that targets both Microsoft, Apple operating systems detailed - http://bit.ly/2mZdHj7 https://t.co/jD2uBqmOS8

"同时针对 MacOS 和 Windows 系统的 Office 恶意文档被发现： https://threatpost.com/malware-that-targets-both-microsoft-apple-operating-systems-found/124531/ 详情： http://blog.fortinet.com/2017/03/22/microsoft-word-file-spreads-malware-targeting-both-apple-mac-os-x-and-microsoft-windows"
Nikolaos Chrysaidos @virqdroid

[ Mobile ] Mobile Security Research - Recap 2016 - http://www.virqdroid.com/2017/03/mobile-security-research-recap-2016.html

"针对 2016 年移动安全研究方面的总结，包括演讲、技术文章、论文等： https://t.co/xQPQsVxof3"
Eli Bendersky @elibendersky

[ Others ] Adventures in JIT compilation: part 1 - an interpreter: http://eli.thegreenplace.net/2017/adventures-in-jit-compilation-part-1-an-interpteter/; part 2 - an x64 JIT: https://t.co/ublieZnFNE

"在 x64 JIT 编译 part 2： https://t.co/ublieZnFNE"
Nikhil Mittal @nikhil_mitt

[ Pentest ] [Blog] Using SQL Server for attacking a Forest Trust. #ActiveDirectory #RedTeam #PowerShell http://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html

"利用 SQL Server 攻击信任域林： https://t.co/JMJxKtfAVE"
Artem Kondratenko @artkond

[ Pentest ] A Red Teamer's guide to pivoting #infosec #pentest #pivoting #redteam https://artkond.com/2017/03/23/pivoting-guide/

"RedTeam 的网络边界跨越手册： https://t.co/vBfBWrrPoL "
Binni Shah @binitamshah

[ Tools ] pwnbox : Docker container with tools for binary reverse engineering and exploitation : https://github.com/superkojiman/pwnbox cc @ superkojiman

"pwnbox -- 包含二进制逆向工程与漏洞利用常用工具的Docker容器︰ https://t.co/V0amdJpiIY"
James Forshaw @tiraniddo

[ Tools ] I've released a big update for OleViewDotNet https://github.com/tyranid/oleviewdotnet NDR parsing, access checking, IPID table parsi… https://twitter.com/i/web/status/844791193527500801

"James Forshaw 更新了 OleViewDotNet ： https://t.co/z8oYDosvCe "
FireEye @FireEye

[ Tools ] [Blog] WMImplant – A #WMI Based Agentless Post-Exploitation RAT Developed in #PowerShell http://bddy.me/2nWhhLG

"WMImplant -- 使用 PowerShell 编写的一款基于 WMI 的后渗透测试工具： https://t.co/UHYHrVvYyG"
p4r4n0id @p4r4n0id_il

[ Tools ] Very nice tool - Syscall-Monitor - relying on Intel VTX/EPT to intercept system events - https://lnkd.in/gnHjtpE

"Syscall-Monitor -- Windows 7+ 操作系统基于 Intel VT-X/EPT 的 Syscall Monitor： https://t.co/neVAt8sZRx"
JPCERT/CC @jpcert_en

[ Tools ] New Blog Post - Malware Clustering using impfuzzy and Network Analysis - impfuzzy for Neo4j - ^ST http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html

"impfuzzy for Neo4j -- JPCERT 开发的一款用于恶意软件可视化关系链分析的工具： https://t.co/PKs7TgkNSS"
Threatpost @threatpost

[ Vulnerability ] New @ Wikileaks #Vault7 dump shows apparent interdiction of iPhone supply chain - http://bit.ly/2mZ4abT https://t.co/W1KkXDb52u

"Dark Matter - WikiLeaks 昨天公开了一批新文档，揭露 CIA 是如何搞定 Apple Mac 固件获得稳定控制能力的，重装系统也没用： https://t.co/4nyBI2XHqr 详情： https://wikileaks.org/vault7/darkmatter/releases/"
Chris Truncer @christruncer

[ Windows ] Here’s the slides to our talk about Device Guard and link to WMImplant! https://www.slideshare.net/CTruncer/windows-10-endpoint-security-improvements-and-the-implant-since-windows-2000 https://github.com/ChrisTruncer/WMImplant

" 自 Windows 2000 至 Windows 10 以来在端点安全上的提升与改变： https://t.co/jdB1IX7I1l "

Xuanwu Spider via trendmicro 's blog

[ iOS ] 通过 iOS App Store 传播的第三方 App Store： http://blog.trendmicro.com/trendlabs-security-intelligence/third-party-app-stores-delivered-via-ios-app-store/
Xuanwu Spider via 绿盟科技 & 安全客

[ Popular Software ] Apache Struts2 S2-046 漏洞分析: http://blog.nsfocus.net/apache-struts-2-remote-code-execution-vulnerability-s2-046-technical-analysis-solution/ http://bobao.360.cn/learning/detail/3649.html
Xuanwu Spider via freebuf

[ Tools ] Vault7文档曝光的那些CIA网络武器： http://www.freebuf.com/news/129569.html
Xuanwu Spider via threatpost

[ Vulnerability ] 思科最近修复了一个其 IOx 平台的一个严重漏洞，该漏洞允许未授权用户远程获得 Root 权限： https://threatpost.com/cisco-patches-critical-iox-vulnerability/124533/
Xuanwu Spider via rasca11 's blog

[ Web Security ] 本屌的web漏洞扫描器思路技巧总结（域名信息收集篇）： http://weibo.com/ttarticle/p/show?id=2309404088584863883789
Xuanwu Spider via inspired-sec.com

[ Windows ] Windows DCOM 提权漏洞（CVE-2017-0100）的再利用： http://blog.inspired-sec.com/archive/2017/03/17/COM-Moniker-Privesc.html

2017/03/24