腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/04/01

Nikolaos Chrysaidos @virqdroid

[ Android ] Trojan analysis of the virus: advertising SDK behind the magic hand - http://bobao.360.cn/learning/detail/3676.html (Chinese)

" 破坏者病毒：广告SDK背后的魔手，来自安全客： https://t.co/oAkKmOGN2v "
Nicolas Krassas @Dinosn

[ Android ] Samsung Galaxy S8 facial recognition system to unlock the device can be bypassed with a photo http://securityaffairs.co/wordpress/57573/hacking/samsung-galaxy-s8-hack.html (was it unexpected ?)

"三星 Galaxy S8 的面部识别系统可通过一张照片解锁： https://t.co/REH7t4MOiB "
Binni Shah @binitamshah

[ Android ] Anti-Plugin : Don't let your App Play as an Android Plugin : https://www.blackhat.com/docs/asia-17/materials/asia-17-Luo-Anti-Plugin-Don't-Let-Your-App-Play-As-An-Android-Plugin.pdf (Slides) #BHASIA2017

" Anti-Plugin - 来自 Palo Alto 的研究员讲 Android 插件框架的滥用问题︰ https://t.co/R35MXsZemM 前两周他们官方 Blog 发过一篇相关文章"
Seongsu Park @unpacker

[ APT ] Part II. APT29 Russian APT including Fancy Bear http://contagiodump.blogspot.com/2017/03/part-ii-apt29-russian-apt-including.html

" Contagio Blog 在整理了 APT 28 相关的所有资料之后，昨天又整理了 APT29 的相关数据： https://t.co/ckhDwgJjdU"
Manuel Caballero @magicmac2000

[ Browser ] MS Edge - Defeating the popUp blocker, the XSS filter and SuperNavigate with our fake ticket to the Intranet Zone ?… https://twitter.com/i/web/status/847891250288222209

" Edge 浏览器中，不带 . 的 URL 会被当作 Intranet 域渲染，利用这个特性，这篇 Blog 介绍如何 Bypass 弹框禁止、XSS Filter 等保护： https://twitter.com/i/web/status/847891250288222209 https://www.brokenbrowser.com/free-ticket-to-the-intranet-zone/ "
Haifei Li @HaifeiLi

[ Browser ] Want to Make ActiveX Great Again on Edge? https://www.blackhat.com/docs/asia-17/materials/asia-17-Sun-The-Power-Of-Data-Oriented-Attacks-Bypassing-Memory-Mitigation-Using-Data-Only-Exploitation-Technique.pdf.

" 数据攻击的威力 - 利用 Data-Only 技术突破内存利用缓解措施，来自 McAfee 研究员在 BlackHat Asia 会议的演讲： https://t.co/UmBsVkPktv。"
Cylance Inc. @cylanceinc

[ Firmware ] Researchers Disclose Vulnerabilities in GIGABYTE BRIX Systems http://buff.ly/2ohK8Nm #infosec #security #BHASIA https://t.co/nQLkTE0ziD

" RSA 2017 会议上，有研究者公开了一个 UEFI 固件勒索软件的 PoC，这次在 BlackHat Asia 会议上他们公开了 GIGABYTE（技嘉）BRIX 平台固件的两个漏洞，利用这些漏洞可以在完全控制系统后在固件级别安装后门： https://t.co/OaJX2sqi4Z https://t.co/nQLkTE0ziD"
Binni Shah @binitamshah

[ Hardware ] Breaking Korea Transit Card with Side-Channel Attack - Unauthorized Recharging : https://www.blackhat.com/docs/asia-17/materials/asia-17-Kim-Breaking-Korea-Transit-Card-With-Side-Channel-Attack-Unauthorized-Recharging.pdf (Slides) #BHASIA2017

" 利用侧信道的方法攻击韩国交通卡，来自 BlackHat Asia 2017 会议︰ https://t.co/MYnGLzvmKK "
Amit Serper ? @0xAmit

[ Hardware ] Exploiting smart TVs via terrestrial signal. This is the coolest thing I've seen in a while: https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/?amp=1

"利用地面无线电大范围地控制智能电视（Smart TV）︰ https://t.co/1eWdvuN8rn"
Francisco Alonso @revskills

[ iOS ] iPhone7 Fingerprint circuit https://www.youtube.com/watch?v=72ApkGkKHQQ

"iPhone7 指纹识别组件的电路图（视频）： https://t.co/TMXadVrYk0"
Binni Shah @binitamshah

[ Linux ] Exploiting USB/IP in Linux : https://www.blackhat.com/docs/asia-17/materials/asia-17-Korchagin-Exploiting-USBIP-In-Linux.pdf (Slides) #BHASIA cc @ secumod

" Exploiting USB/IP in Linux， USB/IP 是一种通过网络共享 USB 设备的方式︰ https://t.co/EwAlqPIbht "
Binni Shah @binitamshah

[ Linux ] DROP THE ROP : Fine Grained Control-Flow Integrity for The Linux Kernel : https://www.blackhat.com/docs/asia-17/materials/asia-17-Moreira-Drop-The-Rop-Fine-Grained-Control-Flow-Integrity-For-The-Linux-Kernel.pdf (Slides) #BHASIA

"通过为 Linux 内核提供细粒度的 CFI，对抗 ROP，来自 BlackHat Asia 2017 会议︰ https://t.co/2o3ejkDTsi "
Binni Shah @binitamshah

[ Linux ] Linux Malware Analysis using Limon Sandbox : https://cysinfo.com/10th-meetup-linux-malware-analysis/ (Slides & Demo) cc @ monnappa22

"基于 Limon 沙箱的 Linux 恶意软件分析︰ https://t.co/VQfVYvVE67 作者曾在 2015 年的 BlackHat Europe 会议上讲过 Limon 沙箱"
Nicolas Krassas @Dinosn

[ macOS ] Apple macOS/IOS 10.12.2(16C67) mach_msg Heap Overflow https://cxsecurity.com/issue/WLB-2017030254

" Apple macOS/IOS 10.12.2(16C67) mach_msg Heap Overflow： https://t.co/qvNvlA9cR3"
FireEye @FireEye

[ macOS ] Introducing http://Monitor.app for macOS https://www.fireeye.com/blog/threat-research/2017/03/introducing_monitor.html #Freeware #infosec https://t.co/Z4LI3Wq30K

" FireEye 公开了一个用于 macOS 的动态分析工具，类似 Windows Sysinternals 中的 ProcMon： https://t.co/5UrKUUFBYb https://t.co/Z4LI3Wq30K https://t.co/30xzdR1giM"
Nicolas Krassas @Dinosn

[ Malware ] Threat Spotlight: Sundown Matures http://blog.talosintelligence.com/2017/03/sundown-matures.html

" Sundown Exploit Kit 日趋成熟了： https://t.co/1wAaoWo7cQ"
Binni Shah @binitamshah

[ Malware ] What Malware Authors Don't Want You to Know - Evasive Hollow Process Injection : https://www.blackhat.com/docs/asia-17/materials/asia-17-KA-What-Malware-Authors-Don't-Want-You-To-Know-Evasive-Hollow-Process-Injection-wp.pdf , Slides: https://www.blackhat.com/docs/asia-17/materials/asia-17-KA-What-Malware-Authors-Don't-Want-You-To-Know-Evasive-Hollow-Process-Injection.pdf

"恶意软件作者不想让你知道的事儿 - Process Hollowing 注入技术，Paper︰ https://t.co/vLAMdODWjd PPT： https://t.co/T8xulSOEct"
Carlos Castillo @carlosacastillo

[ Mobile ] [Slides] Mobile Telephony Threats in Asia https://goo.gl/WN06sY - #BlackHatAsia 2017

" 亚洲地区来自移动电话的威胁分析： https://www.blackhat.com/docs/asia-17/materials/asia-17-Balduzzi-Mobile-Telephony-Threats-In-Asia.pdf "
Pavel Durov @durov

[ OpenSourceProject ] The source code of Telegram for iOS and Android is open and free. Enjoy! https://github.com/DrKLO/Telegram https://github.com/peter-iakovlev/Telegram

" 即时通讯应用 Telegram 的 iOS APP 和 Android APP 开源了： https://t.co/1h3Leprobj https://t.co/bTS1nZPL6e"
Binni Shah @binitamshah

[ Others ] Your next JVM : Panama, Valhalla, Metropolis : http://cr.openjdk.java.net/~jrose/pres/201703-YourNextVM.pdf (Slides) cc @ JohnRose00

"Java 官方架构师谈下一代 JVM 虚拟机的架构设计︰ https://t.co/uZF2AHsef7 "
Tavis Ormandy @taviso

[ Popular Software ] LastPass have fixed the remote code execution bug I reported last week. ?? https://bugs.chromium.org/p/project-zero/issues/detail?id=1225

" LastPass 隔离环境全局属性可修改的漏洞，可以导致 RCE，来自 Project Zero Tavis： https://t.co/NWwqTdGbay"
Full Disclosure @SecLists

[ SecurityProduct ] Splunk Enterprise Information Theft - CVE-2017-5607 https://goo.gl/fb/4qfPHR #FullDisclosure

" Splunk 企业版刚披露了一个信息泄漏漏洞（CVE-2017-5607）： https://t.co/qjwnxXnK4Q "
Fatih Sevimli @fatih_svml

[ Web Security ] A large XSS payloads set. #infosec #Pentesting ⬇⬇⬇ https://sql--injection.blogspot.com.tr/p/blog-page_80.html?m=1

" XSS Payload 收集（约有 1500 左右）： https://t.co/a5jJ64FiBr"
Binni Shah @binitamshah

[ Windows ] Abusing Kerberos for arbitrary impersonations and RCE : https://www.blackhat.com/docs/asia-17/materials/asia-17-Hart-Delegate-To-The-Top-Abusing-Kerberos-For-Arbitrary-Impersonations-And-RCE-wp.pdf (wp), https://www.blackhat.com/docs/asia-17/materials/asia-17-Hart-Delegate-To-The-Top-Abusing-Kerberos-For-Arbitrary-Impersonations-And-RCE.pdf (Slides) cc @ machosec #BHASIA

" 滥用 Kerberos 认证机制，实现任意身份模拟以及 RCE，来自 BlackHat Asia 2017 会议，Paper: https://t.co/c0gJlD9m1i PPT： https://t.co/X8iBOBGUL1 "

Xuanwu Spider via Ke Liu

[ Fuzzing ] DIG INTO THE ATTACK SURFACE OF PDF AND GAIN 100+ CVES IN 1 YEAR，来自玄武实验室 Ke Liu 在 BlackHat Asia 会议的演讲，其中分享了他在挖掘 PDF 文件格式漏洞过程中的经验，包括如何寻找攻击面以及 Fuzzing 过程中的一些技巧：
Xuanwu Spider via phunter_lau 微博

[ MachineLearning ] 利用机器学习检测恶意 URL： https://arxiv.org/pdf/1701.07179.pdf

2017/04/01