
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] MS Edge Referrer Spoof - How to spoof the referrer even after MS patch. (also, inject an iframe everywhere) … https://t.co/k8iamKdlfp
"Spoofing the Edge Referer via iframe injection; this blog post is a bypass of the earlier patch: https://www.brokenbrowser.com/referer-spoofing-patch-bypass Seebug's translation: http://paper.seebug.org/258/#0-tsina-1-52849-397232819ff9a47a7b7e80a40613cfe1"
-
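[ Industry News ] #Symantec API Flaws reportedly let attackers quietly steal Private #SSL Keys and Certificates… https://t.co/nTTGVId22d
"A researcher says that flaws in Symantec's certificate issuance process and its resellers allow attackers to steal other people's certificate private keys, and that Symantec has known about the problem since 2015. Symantec says it could not reproduce the vulnerability: http://thehackernews.com/2017/03/symantec-ssl-certificates.html"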
-
[ iOS ] iOS Packet Sniffing with Pown.js and HTTPView http://blog.websecurify.com/2017/03/ios-packet-sniffing.html
"iOS Packet Sniffing with Pown.js and HTTPView: on macOS, a more intuitive and convenient HTTP traffic sniffer built on the Pown.js NOW tool; Pown.js is a Node.js-based library: https://t.co/1XrTcZublB"
-
[ IoTDevice ] Wouahhhh Great !!! *\0/* *\0/* *\0/* #infosec #PenTest # Industrial RFID Printers Local root privilege escalation… https://twitter.com/i/web/status/846657291051061248
"A local root exploit for Intermec's PM43/PM43c mid-range RFID printers (CVE-2017-5671): https://github.com/kmkz/exploit/blob/master/CVE-2017-5671.txt"
-
[ IoTDevice ] Firmware Analysis for IoT Devices http://resources.infosecinstitute.com/firmware-analysis-for-iot-devices/ #infosec #IoT cc @InfosecEdu
"IoT device firmware analysis tutorial: https://t.co/9f4WT5qQMx"
-
[ macOS ] [CVE-2017-2436] #macOS #Sierra <= 10.12.3 IOFireWireAVC #Kernel Extension Out of Bounds #Vulnerability https://t.co/dqnKLuyWFt
"Out-of-bounds access vulnerability in the IOFireWireAVC kernel extension on macOS 10.12.3 (CVE-2017-2436): https://t.co/dqnKLuyWFt"
-
[ Malware ] Cerber Starts Evading Machine Learning http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-starts-evading-machine-learning/
"Cerber ransomware has started evading machine-learning detection: https://t.co/RtPKPdVmNU"
-
[ MalwareAnalysis ] Recent Dimnie activity uses phishing emails to target open source developers on GitHub. Get the new #Unit42 report http://oak.ctx.ly/r/5j0pu
"Analysis of the Dimnie phishing attacks, from Unit 42: https://t.co/We8YbPbMRU"
-
[ Mobile ] Hacking Xiaomi MI Smartphone into Zigbee Sniffer : http://faire-ca-soi-meme.fr/hack/2017/03/13/hack-xiaomi-mi-smarthome-zigbee-sniffer/ https://t.co/omPstT7D6G
"Hacking Xiaomi smart home hardware using a Zigbee sniffer (in French): https://t.co/657ZaL8HNW"
-
[ Others ] RDS hijacking again - this time start a process inside another RDP session, without SYSTEM rights https://github.com/Skons/ms17-0100/blob/master/Start-ProcessInSession.ps1
"PowerShell version of the MS17-100 COM Session Moniker local privilege escalation exploit: https://t.co/eeU983FLMq"
-
[ Others ] Complete series of Apache / ModSecurity tutorials with Core Rule Set tuning, log visualisation / traffic decryption https://www.netnea.com/cms/apache-tutorials/
"Apache / ModSecurity tutorials: https://t.co/tNXuufwrSU"
-
[ Popular Software ] #Pwn2Own follow-up: new #VMware Security Advisory VMSA-2017-0006 for ESXi, Workstation and Fusion https://blogs.vmware.com/security/2017/03/vmware-workstation-target-pwn2own-2017.html
"VMware has released a security advisory for the vulnerabilities involved in the PWN2OWN 2017 contest: https://t.co/TW9j820Z67"
-
[ ReverseEngineering ] Finally my Reverse Engineering Malware 101 workshop content for the @WiCySconference. https://securedorg.github.io/RE101/ https://t.co/JypQdlGCx4
"A tutorial series on reverse engineering, from setting up a debugging environment to static and dynamic analysis: https://t.co/7dYUtG8ARk"
-
[ Sandbox ] Escaping a Python sandbox with a memory corruption bug https://medium.com/@gabecpike/python-sandbox-escape-via-a-memory-corruption-bug-19dde4d5fea5
"Escaping a Python sandbox by exploiting a memory corruption bug: https://t.co/hxAx7IDNrc"
-
[ Tools ] Added some updates to the "WordPress Plugin Security Testing Cheat Sheet" - https://github.com/ethicalhack3r/wordpress_plugin_security_testing_cheat_sheet
"wordpress_plugin_security_testing_cheat_sheet -- a WordPress plugin security testing cheat sheet: https://t.co/Oen0ACrpz6"
-
[ Tools ] wuzz - Interactive CLI Tool for HTTP Inspection http://www.kitploit.com/2017/03/wuzz-interactive-cli-tool-for-http.html
"wuzz -- an interactive command-line tool for HTTP testing: https://t.co/IPyFccrwHS"
-
[ Windows ] Fileless UAC Bypass Uses Windows Backup and Restore Utility https://threatpost.com/fileless-uac-bypass-uses-windows-backup-and-restore-utility/124579/
"Bypassing UAC using the Windows Backup and Restore feature: https://t.co/3KaKhNZ1ug"
-
[ Windows ] Slightly modified version of @tiraniddo #MS17-012 COM Session Moniker Exploit running within MSBuild.exe @subTee… https://t.co/xxNFmXRow4
"MS17-012 - COM Session Moniker EoP Exploit running within MSBuild.exe: https://t.co/xxNFmXRow4 "
-
[ Windows ] Back to Basics or Bypassing Control Flow Guard with Structured Exception Handler https://improsec.com/blog//back-to-basics-or-bypassing-control-flow-guard-with-structured-exception-handler
"In today's blog post Morten Schenk discusses how to bypass CFG by leaking a stack address and overwriting the SEH on the stack. He reported it to Microsoft's bounty program, but Microsoft did not accept it: https://t.co/0ZojZixOHT"
-
[ WirelessSecurity ] WiFi Phishing for Credentials with a Captive Portal on OpenWrt: http://www.smeegesec.com/2017/03/captive-portal-wifi-phishing-with.html
"Phishing with a wireless captive portal login page built on OpenWrt: https://t.co/5LTMBMulrV"
-
[ Browser ] A type confusion vulnerability in DateTimeFormat.format in the Safari browser (CVE-2017-2446): https://bugs.chromium.org/p/project-zero/issues/detail?id=1036
-
[ Mobile ] On Qualcomm devices, because the TVM bit is not set, attackers can bypass Samsung's RKP (Real-time Kernel Protection) kernel protection feature: https://bugs.chromium.org/p/project-zero/issues/detail?id=1041
-
[ Others ] This book reads you - using JavaScript - the iBooks ePub parser has a local file read vulnerability (CVE-2017-2426): https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html
-
[ Web Security ] The 'contribution' of Apache Struts 2 (CVE-2017-5638) - from DDoS to server ransomware: https://f5.com/labs/articles/threat-intelligence/malware/from-ddos-to-server-ransomware-apache-struts-2-cve-2017-5638-campaign-25922