腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/04/19

vangelis @vangelis_at_POC

[ Android ] One more #Zer0Con slide was released. Dan Austin's slide: https://source.android.com/security/reports/zer0-conf-2017-Your-Move.pdf

"关于 Android 漏洞利用及缓解技术的演讲，来自 Google 的 Dan Austin 在 Zer0 会议上的分享︰ https://t.co/TcxfFhIQxm"
Project Zero Bugs @ProjectZeroBugs

[ Browser ] Apple WebKit: UXSS via PrototypeMap::createEmptyStructure https://bugs.chromium.org/p/project-zero/issues/detail?id=1084

"Apple WebKit: UXSS via PrototypeMap::createEmptyStructure ： https://t.co/4bsgFOwjYe"
Ben Hawkes @benhawkes

[ iOS ] Project Zero blog: "Exception-oriented exploitation on iOS" by Ian Beer - https://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html

"iOS 基于异常的漏洞利用技术，Project Zero 这篇 Blog 介绍了 Ian Beer 借助异常消息处理实现对 mach_voucher_extract_attr_recipe_trap mach trap 堆溢出漏洞的利用（CVE-2017-2370）： https://t.co/EeRzN5226E"
Synacktiv @Synacktiv

[ Pentest ] DPAPI exploitation during a pentest, slides presented @ sth4ck by @ Fist0urs are here: http://www.synacktiv.ninja/ressources/synacktiv_DPAPI_Sthack.pdf

"渗透测试中的 DPAPI 利用方式，DPAPI 是从 Windows 2000 开始内置的一套密码学编程接口︰ https://t.co/sqcnnHz9vv"
Quequero @quequero

[ Popular Software ] Unitrends RCE (CVE-2017-7280) exploitation: https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/ https://t.co/Uzpp3lVYVs

"Unitrends （企业备份软件）远程代码执行漏洞分析（CVE-2017-7280） Part 2︰ https://t.co/ozBpxJHlKi "
Wolfgang Weigend @wolflook

[ SecurityReport ] The upcoming #Java critical patch update contains 9 new security fixes for Oracle Java SE http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html #JDK 8 #Java security

" Oracle 发布 2017 年 4 月漏洞公告，本次共修复各个产品家族共 299 个漏洞： https://t.co/TtTE3zGyBW "
NCC Group Infosec @NCCGroupInfosec

[ Tools ] NCC Group Tool: A Generic Windows Memory Scraping Tool - https://github.com/nccgroup/mnemosyne by @ m4tt_lewis

"mnemosyne - 一款通用 Windows 内存扫描工具： https://t.co/fn1U8KXOZ2"
x0rz @x0rz

[ Tools ] How to make your Ubuntu less shitty https://github.com/butteff/Ubuntu-Telemetry-Free-Privacy-Secure #privacy #ubuntu

" Ubuntu-Telemetry-Free-Privacy-Secure 可用于删除存在潜在风险或高风险的预装软件的 Bash 脚本： https://t.co/FtLdLSQn8S "
Binni Shah @binitamshah

[ Tools ] CompileShellCode.py : Embed up to 65KB of Shellcode into a x86 Windows exe for analysis : https://github.com/roastbeef/compileShellCode/blob/master/compileShellCode.py

"CompileShellCode - 将小于 65 KB 的 x86 shellcode 注入到 Windows 可执行文件中的 Python 脚本: https://t.co/UkVE8l5wLl"
Binni Shah @binitamshah

[ Tools ] LiME (Linux Memory Extractor) : Allows acquisition of volatile memory from Linux and Linux-based devices : https://github.com/504ensicsLabs/LiME

"LiME - Linux 内存抓取工具，也支持 Android，实现为一个可加载的内核模块︰ https://t.co/Sz9AENy3If"
Binni Shah @binitamshah

[ Tools ] Advanced computer science concepts behind the Xi editor : https://github.com/google/xi-editor/tree/master/doc/rope_science

" Xi Editor - Google 开源的一个 Rust 语言写的编辑器︰ https://t.co/mKExNV06SA"
Justin Seitz @jms_dot_py

[ Tools ] New Post! Building a Keyword Monitoring Pipeline with Python, Pastebin and Searx | Automating OSINT Blog https://t.co/oSVOAaqcL6 #OSINT

"用 Python、Pastebin 和 Searx 构建关键字监控工具： https://t.co/oSVOAaqcL6 "
Justin Cormack @justincormack

[ Tools ] Docker announces LinuxKit! https://github.com/linuxkit/linuxkit and see also the blog post https://blog.docker.com/2017/04/introducing-linuxkit-container-os-toolkit/

"Docker 官方公开了一个工具 LinuxKit，用于构建一个安全、精简、便携的 Linux 子系统，该子系统作为组件为各平台提供 Linux 容器功能： https://t.co/vPLV3tOrKd Github： https://t.co/TSrsvSGNPC "
Frank Denis @jedisct1

[ Virtualization ] An overview of the PHP7 virtual machine https://nikic.github.io/2017/04/14/PHP-7-Virtual-machine.html

"PHP 7 Zend 虚拟机的技术概览： https://t.co/3aNs6ihSTC"
Noam Rathaus @nrathaus

[ Vulnerability ] #SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation - https://blogs.securiteam.com/index.php/archives/3134

" Ubuntu LightDM Guest 账户本地提权漏洞详情（CVE-2017-7358）： https://t.co/L5lyArPfK7"
Pierre Ernst @e_rnst

[ Vulnerability ] CVE-2017-5662 XXE vulnerability in Apache Batik http://seclists.org/oss-sec/2017/q2/85 #java #infosec

" Apache Batik XXE 信息泄露漏洞（CVE-2017-5662）： https://t.co/UdHb3Ig36p "
James Forshaw @tiraniddo

[ Windows ] Make sure you're up to date if you use WMI/DCOM in .NET otherwise you could get hacked back https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 /cc @ daveaitel @ blowdart

"Windows: ManagementObject Arbitrary .NET Serialization RCE（CVE-2017-0160）： https://t.co/HTfp9V03Mv "
Heike Ritter @HeikeRitter

[ Windows ] New playbook! How enterprises can leverage Windows Defender ATP to detect, investigate & mitigate #ransomware https://t.co/Vux7sKfx3t

"微软发布的《Windows Defender ATP 勒索软件响应手册》，介绍了如何利用 Windows Defender ATP 平台检测、调查以及缓解勒索软件的威胁： https://t.co/Vux7sKfx3t"
James Forshaw @tiraniddo

[ Windows ] Fun Edge/UWP sandbox escape https://bugs.chromium.org/p/project-zero/issues/detail?id=1079 would be accessible from LPAC as well being in the core RuntimeBroker COM server :-D

" Windows Runtime Broker ClipboardBroker（剪贴板）提取，利用这个漏洞可以实现 IE/Edge 浏览器的沙箱逃逸（CVE-2017-0211）： https://t.co/CAmJMmEj0C"

Xuanwu Spider via pan.baidu.com

[ Conference ] 他山之石可以攻御，主要讲的是一些常见的绕过漏洞的原因和解决方案。来自呆子不开口在 QCon 的演讲： https://pan.baidu.com/s/1boUehKr
Xuanwu Spider via securityaffairs.co

[ Industry News ] 有安全专家在 Shadow Broker 泄露的 NSA 攻击工具中找到了与 Stuxnet 病毒之间的关联： http://securityaffairs.co/wordpress/58098/cyber-warfare-2/shadow-brokers-link-stuxnet.html
Xuanwu Spider via 安全客

[ iOS ] iOS 安全之针对 mach_portal 的分析： http://bobao.360.cn/learning/detail/3740.html
Xuanwu Spider via packetstormsecurity.com

[ Windows ] Windows taskschd.msc 本地 SYSTEM 提取 Exploit: https://packetstormsecurity.com/files/142191

2017/04/19