腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/04/15

Mobile Security @m0bile_security

[ iOS ] iOS Kernel Integrity Protection bypass #MobileSecurity #iOSsecurity https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html

"iOS 9 开始引入的内核完整性保护（KPP）功能是如何实现的： https://t.co/lQKwqiPMLK"
Binni Shah @binitamshah

[ IoTDevice ] OBD-II Dongle Attack : Stopping a Moving Car via Bluetooth : https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/ https://t.co/qid2H1OL2F

"博世的 Drivelog Connector OBD-II 电子狗存在漏洞，攻击者可以远程关闭汽车的发动机引擎︰ https://t.co/AZ5Z58SqHe "
JaromirHorejsi @JaromirHorejsi

[ MalwareAnalysis ] My latest blog post about TeamSpy, malware abusing TeamViewer https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer

" 深度分析滥用 Teamviewer 的后门 - TeamSpy： https://t.co/gnJEnplmL6 "
Binni Shah @binitamshah

[ Others ] The Power of Data-Oriented Attacks : Bypassing Memory Mitigation Using Data-Only Exploitation Technique (Part II) : http://conference.hitb.org/hitbsecconf2017ams/materials/D2T1%20-%20Bing%20Sun%20and%20Chong%20Xu%20-%20Bypassing%20Memory%20Mitigation%20Using%20Data-Only%20Exploitation%20Techniques.pdf

"数据攻击的威力 - 利用 Data-Only 技术突破内存利用缓解措施 Part 2，来自 McAfee 研究员在 HITB 2017 Ams 的演讲: https://t.co/085M7wKg0X Part 1 于 Blackhat Asia 上放出过： https://www.blackhat.com/docs/asia-17/materials/asia-17-Sun-The-Power-Of-Data-Oriented-Attacks-Bypassing-Memory-Mitigation-Using-Data-Only-Exploitation-Technique.pdf"
HITBSecConf @HITBSecConf

[ Others ] #HITB2017AMS D2T1 - Trammel Hudson - Bootstrapping Systems with Open Source Firmware - http://conference.hitb.org/hitbsecconf2017ams/materials/D2T1%20-%20Trammel%20Hudson%20-%20Bootstrapping%20Systems%20with%20Open%20Source%20Firmware.pdf

"基于开源固件(coreboot)加强系统启动过程中的安全性，来自 HITB AMS 2017 会议： https://t.co/4BW4eWCgfv"
Binni Shah @binitamshah

[ Others ] Fault Injection Attacks on Secure Boot : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Niek%20Timmers%20and%20Albert%20Spruyt%20-%20Fault%20Injection%20Attacks%20On%20Secure%20Boot.pdf (Slides) #HITB2017AMS cc @ tieknimmers

"Fault Injection Attacks on Secure Boot ，HITB 2017 AMS 大会︰ https://t.co/SBQG4wNzC2 "
Binni Shah @binitamshah

[ Popular Software ] Hacking Customer Information Control System : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Ayoub%20Elaassal%20-%20Hacking%20Customer%20Information%20System.pdf (Slides) cc @ ayoul3__ #HITB2017AMS

"攻击客户信息控制系统（CICS），来自 HITB 2017 AMS 大会︰ https://t.co/f8jKad1ksu "
Full Disclosure @SecLists

[ Popular Software ] Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation https://goo.gl/fb/rYoVxv #FullDisclosure

"Adobe Creative Cloud Desktop Application <= v4.0.0.185 由于目录 ACL 设置不当引起的提取漏洞（CVE-2017-3006）： https://t.co/dEdzsRv1pn "
x0rz @x0rz

[ Windows ] Zippybeer authenticated RCE through SMB (445/tcp) on Windows domain controllers https://github.com/x0rz/EQGRP_Lost_in_Translation/blob/master/windows/exploits/Zippybeer-1.0.2.py #EquationGroup #ShadowBrokers

"程式组织泄露的第二批利用工具公开了，这次泄露了很多 Windows/Swift 相关的攻击工具，Windows 平台的主要是 SMB 和 RDP 相关的 0Day Exploits：解压后的代码： https://github.com/x0rz/EQGRP_Lost_in_Translation 还有一些相关的文章：《NSA 0day ETERNALBLUE 漏洞利用》： https://xianzhi.aliyun.com/forum/mobile/read/1512.html 《Latest Shadow Brokers dump — owning SWIFT Alliance Access, Cisco and Windows》： https://medium.com/@networksecurity/latest-shadow-brokers-dump-owning-swift-alliance-access-cisco-and-windows-7b7782270e70 "
HITBMedia @HITBMedia

[ Windows ] #HITB2017AMS D2T3 - James Forshaw - Introduction to Logical Privilege Escalation on Windows - http://conference.hitb.org/hitbsecconf2017ams/materials/D2T3%20-%20James%20Forshaw%20-%20Introduction%20to%20Logical%20Privilege%20Escalation%20on%20Windows.pdf

"Windows 上的逻辑权限提升，来自 HITB2017AMS Workshop 上 James Forshaw 演讲： https://t.co/rYgPeTH9B4"
netbiosX @netbiosX

[ Windows ] [New Post] Privilege Escalation via Hot Potato https://pentestlab.blog/2017/04/13/hot-potato/ #pentestlab #hotpotato #pentest #Pentesting

" Windows 提权技术之 Hot Potato： https://t.co/E7LQibsZhg "
Binni Shah @binitamshah

[ Windows ] Setting up a Shiny Development Environment within Linux on Windows 10 : https://www.hanselman.com/blog/SettingUpAShinyDevelopmentEnvironmentWithinLinuxOnWindows10.aspx https://t.co/y28E7cnYb2

" 在 Win10 的 Linux 子系统里搭建酷炫的开发环境︰ https://t.co/4ceYaVlt7N https://t.co/y28E7cnYb2"
Binni Shah @binitamshah

[ WirelessSecurity ] Lure10 : Exploiting Windows Automatic Wireless Association Algorithm : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20George%20Chatzisofroniou%20-%20Exploiting%20Windows%20Automatic%20Wireless%20Association%20Algorithm.pdf (Slides) #HITB2017AMS cc @ _sophron

"攻击 Windows 10 中的 Wi-Fi Sense 自动连接功能，这个功能是通过 '众包' 模式实现的，来自 HITB 2017 AMS 大会︰ https://t.co/iG37ph80Bu "
Binni Shah @binitamshah

[ WirelessSecurity ] So You Want to Hack Radios - A Primer on Wireless Reverse Engineering : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Marc%20Newlin%20and%20Matt%20Knight%20-%20So%20You%20Want%20to%20Hack%20Radios.pdf (Slides) #HITB2017AMS cc @ marcnewlin

"想要破解 Radios？ -- 无线逆向入门教程，来自 HITB 2017 AMS : https://t.co/NWBe8sYUMX "

2017/04/15