Tencent Xuanwu Lab Security Daily News
-
[ Android ] Detecting tampering with #FRIDA from within an Android app #MobileSecurity #AndroidSecurity by @muellerberndt https://t.co/2cfW3kMV85
The Jiu-Jitsu of Detecting Frida: http://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida
-
[ Browser ] We just released the first part of our pwn2own writeup series! :) https://twitter.com/phoenhex/status/860184736056176641
Analysis of the WebKit JSC::CachedCall UAF vulnerability (CVE-2017-2491) that Samuel Groß used to attack Safari at Pwn2Own 2017. This is a series of articles that will walk through their complete chain from the WebKit UAF to root privilege escalation on a MacBook Pro; today's is the first part: https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf
-
[ Industry News ] Stealthy RAT Targeting North Korea Since 2014 #Konni https://threatpost.com/stealthy-rat-targeting-north-korea-since-2014/125450/ via @threatpost
Konni, a remote access trojan that has been targeting North Korea since 2014, has been exposed by the Cisco Talos team: https://threatpost.com/stealthy-rat-targeting-north-korea-since-2014/125450/
-
[ Industry News ] Good to see more research on ultrasound-based tracking technology! https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/ http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf by @mlsec @chwress et al.
-
[ macOS ] YARA signatures for Snake / Turla OSX malware https://github.com/Neo23x0/signature-base/blob/master/yara/apt_snaketurla_osx.yar Report by @foxit https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ https://t.co/H3xXOW2JIz
Fox-IT researchers have discovered the first version of the Snake malware framework that targets macOS: https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ GitHub: https://github.com/Neo23x0/signature-base/blob/master/yara/apt_snaketurla_osx.yar
-
[ Mobile ] [CVE-2017-0582] #Nexus 9 #SensorHub #Firmware #Downgrade #Vulnerability https://alephsecurity.com/vulns/aleph-2017010
Google Nexus 9 SensorHub firmware downgrade vulnerability (CVE-2017-0582): https://alephsecurity.com/vulns/aleph-2017010
-
[ Others ] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode https://lkml.org/lkml/2017/5/4/220 @mlqxyz @misc0110 @BloodyTangerine #ESSoS17 #ruhrsec
In response to the recent attacks on x86_64 KASLR, researchers at Graz University of Technology in Austria have proposed the KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) defense, under which the kernel address space is no longer mapped while executing in user mode. They have also released an implementation: https://lkml.org/lkml/2017/5/4/220 paper: https://gruss.cc/files/kaiser.pdf
-
[ Others ] New blog post after some time! How to Protect an Exploit: Detecting PageHeap http://snf.github.io/2017/05/04/exploit-protection-i-page-heap/
This article takes the exploit author's perspective and explains how to protect one's own exploit so that it avoids detection and analysis as far as possible. It is the first of a series; this part covers how to detect whether PageHeap is enabled: http://snf.github.io/2017/05/04/exploit-protection-i-page-heap/
-
[ Pentest ] PowerShell Injection with Diskless Persistence and Bypass Techniques : http://www.binarydefense.com/powershell-injection-diskless-persistence-bypass-techniques/ cc @HackingDave
An introduction to PowerShell fileless persistence techniques and the defense bypass techniques commonly used with them: http://www.binarydefense.com/powershell-injection-diskless-persistence-bypass-techniques/
-
[ Popular Software ] WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day). https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
A WordPress 4.7 password reset vulnerability (CVE-2017-8295) that can be exploited without logging in: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
-
[ SecurityReport ] New #ZDI white paper available--Auditing #Adobe #Reader: The Open Source Attack Surface in Closed Source Software. http://bit.ly/2p1QGRO
The open source attack surface in closed source software: hunting for vulnerabilities in the Adobe Reader XSLT engine, a vulnerability research report from Trend Micro: https://static1.squarespace.com/static/5894c269e4fcb5e65a1ed623/t/590b42a2ff7c500c50fc2ceb/1493921555683/ZDI+Adobe_XSLT_Report.pdf
-
[ Tools ] JEB Decompiler for MIPS https://www.pnfsoftware.com/jeb2/mips
JEB Decompiler (a decompilation tool) now supports MIPS: https://www.pnfsoftware.com/jeb2/mips
-
[ Tools ] Toolkit for performing targeted evil twin attacks against WPA2 by @s0lst1c3 http://bit.ly/2pTxt4t #cybersecurity… https://t.co/vDaF2bp9pt
eaphammer - an attack toolkit targeting WPA2-EAP networks that makes attacks such as RADIUS credential theft and captive portal phishing pages straightforward to carry out: https://github.com/s0lst1c3/eaphammer
-
[ Virtualization ] https://4sysops.com/archives/how-to-run-hyper-v-under-vmware-workstation/ Quite helpful for trying out amazing features of #Windows10 like #VBS #DG #CG
How to install and run Hyper-V nested inside VMware: https://4sysops.com/archives/how-to-run-hyper-v-under-vmware-workstation/
-
[ Web Security ] Pwning PHP mail() function For Fun And RCE : https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html
Attack techniques against the PHP mail() function, with exploitation case studies: https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html
-
[ Windows ] V cool security engineering work here by Windows to hardware-isolate Edge browser sessions (coming soon to Win10) https://t.co/gPVPbfgSqM
Last September we pushed an item in which Microsoft said it would ship the Windows Defender Application Guard protection in 2017, which runs the Edge browser inside a lightweight virtual-machine isolation environment. The Windows 10 Insider Preview Build 16188 that Microsoft released today integrates this protection feature: https://blogs.windows.com/windowsexperience/2017/05/04/announcing-windows-10-insider-preview-build-16188-pc-build-15210-mobile/#h5LlBDRQU7abYzvh.97 https://techcommunity.microsoft.com/t5/Windows-Insider-Program/Windows-Defender-Application-Guard-Standalone-mode/m-p/66903
-
[ Windows ] Awesome new Windows 10 exploit mitigation documentation and configuration guidance/tooling! https://technet.microsoft.com/en-us/itpro/windows/keep-secure/overview-of-threat-mitigations-in-windows-10
The Windows Defender ATP team recently detected an advanced attack against a third-party editing tool, Operation WilySupply, in which the attackers abused the software's update channel: https://blogs.technet.microsoft.com/mmpc/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/ Windows 10 itself has a number of protection features that help us discover and defend against such threats: https://docs.microsoft.com/zh-cn/windows/threat-protection/overview-of-threat-mitigations-in-windows-10
-
[ macOS ] macOS < 10.12.4 trigger for kernel/ring-0 heap overflow PoC: https://pastebin.com/sF1Kv1hq
-
[ WirelessSecurity ] Bluetooth app vulnerability analysis series, part 1: CVE-2017-0601, a medium-severity privilege escalation vulnerability: https://xianzhi.aliyun.com/forum/read/1570.html