腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/04/06

Dan Guido @dguido

[ APT ] New report on a China-based APT that targets MSPs with custom malware and dyndns comms for IP theft. https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-updated.pdf

"英国 PwC 公司发布的一份 APT 报告，报告中称 Cloud Hopper APT 行动背后的组织是中国的 'APT10'： https://t.co/r9MLjsXzox"
WebKit @webkit

[ Browser ] Here are the release notes for today’s Safari Technology Preview release 27 update. https://webkit.org/blog/7497/release-notes-for-safari-technology-preview-27/ https://t.co/vyZziFTE9v

"Safari 技术预览版 27 发布： https://webkit.org/blog/7497/release-notes-for-safari-technology-preview-27/"
Francisco Alonso @revskills

[ Hardware ] First In-Depth Look at Google’s TPU Architecture https://www.nextplatform.com/2017/04/05/first-depth-look-googles-tpu-architecture/

"4 年前，Google 为了支持各种新业务的发展开始开发新的硬件架构，这篇 Blog 介绍其 TPU 硬件架构： https://t.co/a3JCrYwgsj"
Gianluca Stringhini @gianluca_string

[ Malware ] And check out our PayBreak paper on how to defeat some of the most common ransomware families… https://t.co/W47jqmggCX

" PayBreak - 针对加密型勒索软件的防御机制（paper）： https://t.co/W47jqmggCX "
McAfee Labs @McAfee_Labs

[ MalwareAnalysis ] #Dorkbot botnet, famous for backdoor, password stealing, and other malicious behavior has a new variant. We analyze… https://twitter.com/i/web/status/849459342415974400

"针对 Dorkbot Botnet 新变种的分析： https://t.co/u8pLOFWNeL"
Jamie Shaw @5ub34x

[ MalwareAnalysis ] Phishing Examples Archive - https://security.berkeley.edu/resources/phishing/phishing-examples-archive #Phishing #Pentesting #Hacking #Infosec

" 钓鱼范例集中营： https://t.co/yBoLZz0RDk "
Binni Shah @binitamshah

[ Operating System ] Samsung's Android replacement Tizen OS has almost 40 unknown 0-day vulnerabilities : https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities

"据报道 Samsung 用来代替 Android 操作系统的 Tizen OS 被发现存在几十个漏洞︰ https://t.co/qoLY5R5VUQ"
Nicolas Krassas @Dinosn

[ Others ] Java AMF Deserialization - unauthenticated remote code execution https://codewhitesec.blogspot.it/2017/04/amf.html

"多个 Java AMF 序列化文件格式解析库存在漏洞，来自 CodeWhite： https://t.co/L431Lqua2a "
#Jed @JedCavins

[ Others ] wicked_cool_shellscripts_2e: PART DEUX!!! Full shell scripts for the 2nd edition of Wicked Cool Shell Scripts - https://t.co/bLZWxoSqx1

"《Wicked Cool Shell Scripts 2th》书籍中的脚本收集： https://t.co/bLZWxoSqx1"
Alvaro Muñoz @pwntester

[ Others ] [Blog] Bypassing Java Security Manager policies https://community.hpe.com/t5/Security-Research/Auditing-and-Bypassing-Security-Manager-policies/ba-p/6954256#.WOVGQ3SGPpQ #java #security

" 以 Tomcat 和 GlassFish 为例讲述 Java Security Manager Policies 的审计与绕过流程： https://t.co/dYnAyL6AyB "
netbiosX @netbiosX

[ Pentest ] [New Post] Privilege Escalation via DLL Injection https://pentestlab.blog/2017/04/04/dll-injection/ #pentestlab #Pentesting #PrivilegeEscalation

" 几种渗透测试中常用的DLL注入方式： https://t.co/XdyJwp09tK "
Francisco Alonso @revskills

[ Popular Software ] CVE-2017-2387 Apple Music (Android) An attacker in a priv network position may be able to leak sensitive user info https://support.apple.com/en-us/HT207605

" Apple Music for Android 证书验证存在问题导致攻击者可以窃取用户敏感信息（CVE-2017-2387）： https://t.co/ocKV8qf7p1"
Binni Shah @binitamshah

[ ReverseEngineering ] linux-re-101 : A collection of resources for linux reverse engineering : https://github.com/michalmalik/linux-re-101

"linux-re-101 - Linux 逆向工程资源收集︰ https://t.co/0IokxUUIiF"
Kevin Robertson @kevin_robertson

[ Tools ] Inveigh 1.3 released: new relay module, merged priv/unpriv modules, proxy auth capture/relay, mDNS, wiki… https://t.co/1T12XMH3fD

"Inveigh - 基于 PowerShell 编写的 LLMNR/mDNS/NBNS 欺骗与中间人攻击工具，方便 Windows 环境下的渗透测试： https://github.com/Kevin-Robertson/Inveigh"
Nicolas Krassas @Dinosn

[ Web Security ] WordPress Security – Unwanted Redirects via Infected JavaScript Files https://blog.sucuri.net/2017/04/wordpress-security-unwanted-redirects-via-infected-javascript-files.html

"详细分析 WordPress 网站 JS 文件恶意代码的植入流程： https://t.co/1GF1Oo6Hri"
Ѻṧαη∂α ☣ ☠ ☢ @OsandaMalith

[ Windows ] Windows Kernel Exploitation: Stack Overflow https://osandamalith.com/2017/04/05/windows-kernel-exploitation-stack-overflow/ via @ OsandaMalith

"HackSys 测试驱动一处栈溢出漏洞的利用： https://t.co/TWk3ow6V8p "
Mathy Vanhoef @vanhoefm

[ WirelessSecurity ] Slides of my ASIA CCS paper on discovering logical vulnerabilites in the Wi-Fi handshake are now online!… https://t.co/f6BXM8MJgU

"应用基于模型的测试方法发现 WiFi 握手连接过程中的逻辑漏洞： http://papers.mathyvanhoef.com/asiaccs2017-slides.pdf"

Xuanwu Spider via PHITHON 's blog

[ Challenges ] CTF比赛总是输？你还差点Tricks!： https://www.leavesongs.com/SHARE/some-ctf-tricks-ppt.html
Xuanwu Spider via 腾讯科恩实验室博客

[ IoTDevice ] 对小米九号平衡车的无接触式攻击： http://keenlab.tencent.com/zh/2017/04/01/remote-attack-on-mi-ninebot/
Xuanwu Spider via Caleb Fenton's Blog

[ Virtualization ] 如何从 Android 的 Native 代码中直接创建 Java 虚拟机： https://calebfenton.github.io/2017/04/05/creating_java_vm_from_android_native_code/
Xuanwu Spider via FreeBuf

[ Windows ] 通过结构化异常处理绕过CFG（翻译自前两周 Morten Schenk 的一篇 Blog）：http://www.freebuf.com/articles/system/131032.html

2017/04/06