腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/04/11

Nicolas Krassas @Dinosn

[ Android ] More Android Anti-Debugging Fun http://www.vantagepoint.sg/blog/89-more-android-anti-debugging-fun

"Android 反调试技巧之 Self-Debuging/proc 文件系统检测、调试断点探测： https://t.co/tKjaL30xpX"
Ben Hawkes @benhawkes

[ Fuzzing ] Project Zero blog: "Notes on Windows Uniscribe Fuzzing" by @ j00ru - https://googleprojectzero.blogspot.com/2017/04/notes-on-windows-uniscribe-fuzzing.html

"在 Fuzz Windows 用户态组件 Uniscribe 库对字体的处理时，j00ru 发现了 29 个 Bug，Project Zero 这篇 Blog 介绍他是如何大规模 Fuzz Uniscribe 的： https://t.co/euMaN1t6D6"
HD Moore @hdmoore

[ Hardware ] CVE-2017-3881 Cisco Catalyst RCE Proof-Of-Concept https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/

"思科 Catalyst 2960 交换机 CVE-2017-3881 RCE Exploit，该漏洞是从 CIA 泄露文档库中发现的： https://t.co/4t1v9Cp72D"
Binni Shah @binitamshah

[ iOS ] osx-re-101 : A collection of resources for OSX/iOS reverse engineering : https://github.com/michalmalik/osx-re-101 cc @ michalmalik

"osx-re-101 - OSX/iOS 逆向工程资源合集︰ https://t.co/pl4TinPHQ9 "
Binni Shah @binitamshah

[ Network ] CAA checking becomes mandatory for SSL/TLS certificates : https://ma.ttias.be/caa-checking-becomes-mandatory-ssltls-certificates/ cc @ mattiasgeniar https://t.co/l99KI8fiHT

" CAA 记录可用于强制检测 SSL/TLS 证书的安全性︰ https://t.co/IkxQXzQjSm "
Binni Shah @binitamshah

[ Others ] CSRF in Facebook/Dropbox - "Mallory added a file using Dropbox" : http://blog.intothesymmetry.com/2017/04/csrf-in-facebookdropbox-mallory-added.html , Demo :… https://twitter.com/i/web/status/851442084301205504

" Facebook 在通过 Dropbox 传文件时存在 OAuth CSRF 漏洞： https://t.co/3Im0ME3NXi Demo： https://t.co/vpwDDpRFjT"
Nicolas Krassas @Dinosn

[ Others ] spectrology – Basic Audio Steganography Tool http://www.darknet.org.uk/2017/04/spectrology-basic-audio-steganography-tool/

"spectrology – 基础款音频隐写术工具： https://t.co/mYkFbJ47Fp"
Lee Holmes @Lee_Holmes

[ Programming ] Blogged - A Comparison of Shell and Scripting Language Security - https://blogs.msdn.microsoft.com/powershell/2017/04/10/a-comparison-of-shell-and-scripting-language-security/ https://t.co/V3Wp4snTtr

" Powershell 与其他脚本语言的安全性比较： https://t.co/pXGLY2RaXF "
Odisseus @_odisseus

[ Tools ] Really interesting tool: Bruteforce #WordPress Attack Suite also injects #BeEF hooks into all pages.… https://t.co/jImnU30LDN

" WPForce - 一款 Wordpress 漏洞利用工具： https://www.n00py.io/2017/03/squeezing-the-juice-out-of-a-compromised-wordpress-server/"
Cn33liz @Cneelis

[ Tools ] CScriptShell, a Powershell Host running within cscript.exe https://github.com/Cn33liz/CScriptShell Based on:… https://t.co/EVd4WiefgZ

" CScriptShell -- 使用 cscript.exe 运行 Powershell 以绕过应用白名单限制的工具： https://github.com/Cn33liz/CScriptShell"
Tenable @TenableSecurity

[ Tools ] Hunting Linux Malware with YARA http://ow.ly/hthI30aIV4U https://t.co/bOS3XiGa8L

"使用 YARA 狩猎 Linux 中的恶意软件： https://t.co/M9JlIMGHVN "
Cuckoo Sandbox @cuckoosandbox

[ Tools ] Folks. We have finally released Cuckoo Sandbox 2.0! Check it out! https://cuckoosandbox.org/2017-04-07-cuckoo-sandbox-200.html

"Cuckoo Sandbox 更新 2.0.0 版本： https://t.co/FRXIUYdBvc"
PythonArsenal @PythonArsenal

[ Tools ] apiscout - aims at simplifying Windows API import recovery on arbitrary memory dumps. Based on IDAPython, pefile. https://github.com/danielplohmann/apiscout

"ApiScout - 恶意软件逆向时还原隐藏的 Windows API 调用信息： https://t.co/zs9VGOLrxL"
.sean @seanmw

[ Tools ] Just pushed a script using @ fridadotre for analyzing malicious js/vbs files by hooking Win APIs. https://github.com/OALabs/frida-wshook #dfir #RE

"frida-wshook - 基于 Frida 的 WScript/CScript 插桩/Hook 框架，可以用来分析恶意脚本。而 Frida 框架本身支持向 Native APP（Windows/macOS/Linux/iOS/Android）注入 JS： https://t.co/OgdlOrWmhG "
Matt Miller @epakskape

[ Windows ] vmwp.exe (Hyper-V VM worker proc) enables nearly all mitigations in Windows 10 1703. Easy to see using this cmdlet:… https://twitter.com/i/web/status/851530611449765888

"Windows 10 Creators（1703）中的 vmwp.exe（Hyper-V VM Worker）几乎开启了所有的缓解措施： https://t.co/6KIng6kDNK ，缓解措施的开启情况是通过 PowerShell 工具库 ProcessMitigations 实现的： https://www.powershellgallery.com/packages/ProcessMitigations/1.0.7"
TinySec @TinySecEx

[ Windows ] share some of windows kernel vulnerability found by me with poc , you can try to write a exploit. https://github.com/tinysec/vulnerability

"TinySec 公开了他发现的多个 win32k 漏洞的 PoC： https://t.co/48N4eWH4J2"

Xuanwu Spider via 0xcc0xcd.com

[ Android ] Android Binder 驱动程序的基础数据结构： http://0xcc0xcd.com/p/books/978-7-121-18108-5/c511.php
Xuanwu Spider via freebuf

[ Industry News ] IIS4\IIS5 CGI环境块伪造0day漏洞，目前仍处于 0Day 状态，IIS4\IIS5 比较老了，微软不打算修复了： http://www.freebuf.com/vuls/31444.html
Xuanwu Spider via 长亭技术专栏

[ IoTDevice ] 实战栈溢出：三个漏洞搞定一台路由器： https://zhuanlan.zhihu.com/chaitin-tech
Xuanwu Spider via twitter

[ Private ] 据 f0rgetting 说，Windows 10 Creators 中的 ACG 缓解措施仍然是 AllowThreadOptOut，没有完全启用。而 MSRC 的同志解释说，原因是他安装的 VMware Tools 图形驱动引起的不兼容，建议他安装 Hyper-V： https://twitter.com/_f0rgetting_/status/850280693120684033
Xuanwu Spider via twitter

[ Private ] MSRC 的同志对 2006 年至今的内存破坏类漏洞的统计情况，近几年来看，栈破坏漏洞几乎快绝迹了，UAF 漏洞也在陡降，类型混淆和越界访问漏洞呈上升趋势： https://pbs.twimg.com/media/C9FGDJaUIAApolj.jpg https://pbs.twimg.com/media/C9EOYXNVwAAIlj-.jpg https://twitter.com/epakskape/status/851479629873332224
Xuanwu Spider via antiy.cn

[ SecurityReport ] 安天发布《2016网络安全威胁的回顾与展望》： http://www.antiy.cn/report/2016_Antiy_Annual_Security_Report.html
Xuanwu Spider via Github

[ Tools ] 为 Visual Studio 提供汇编代码高亮和补全功能的插件，支持 VS 2015/2017： https://github.com/HJLebbink/asm-dude
Xuanwu Spider via Github

[ Tools ] Metasploit 中新添加了针对趋势科技威胁发现组件的利用代码，一个认证绕过和一个命令注入漏洞（CVE-2016-7552/CVE-2016-7547）： https://github.com/rapid7/metasploit-framework/pull/8216

2017/04/11