腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/05/06

Nicolas Krassas @Dinosn

[ IoTDevice ] CAN bus reverse-engineering with Arduino and iOS https://medium.com/@ alexandreblin/can-bus-reverse-engineering-with-arduino-and-ios-5627f2b1709a

" 基于 iOS 和 Arduino 的 CAN Bus 逆向实战： https://medium.com/@alexandreblin/can-bus-reverse-engineering-with-arduino-and-ios-5627f2b1709a "
Matthew Risck @Mateusz_Jozef

[ Others ] A Meterpreter and Windows proxy case https://medium.com/@ br4nsh/a-meterpreter-and-windows-proxy-case-4af2b866f4a1

" A Meterpreter and Windows proxy case： https://medium.com/@br4nsh/a-meterpreter-and-windows-proxy-case-4af2b866f4a1 "
cobbr @cobbr_io

[ Others ] Slides from my "Obfuscating The Empire" presentation @ BSidesAustin yesterday: https://www.slideshare.net/RyanCobb16/obfuscating-the-empire

" 混淆 PowerEmpire 以绕过 AMSI 查杀： https://www.slideshare.net/RyanCobb16/obfuscating-the-empire "
Dᴀᴠɪᴅ Sᴏᴘᴀs @dsopas

[ Programming ] Go Secure Coding Practices guide v1.1.0 is out - https://github.com/Checkmarx/Go-SCP #golang #owasp

" Go-SCP - Go语言安全编码实践指南： https://github.com/Checkmarx/Go-SCP "
Context @CTXIS

[ SecurityProduct ] Exploiting Vulnerable Pandas: https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/ #Security #Infosec #Cybersecurity #Antivirus #vulnerability… https://t.co/nK5E12xZXj

" Android 版 Pandas 反病毒软件的软件更新过程存在漏洞（使用 HTTP 下载，下载文件校验不完善）： https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/ "
Binni Shah @binitamshah

[ Tools ] Build yourself a Linux : https://github.com/MichielDerhaeg/build-linux

" build-linux - 自己手动搭建小型 Linux 系统的教程： https://github.com/MichielDerhaeg/build-linux "
Bart @bartblaze

[ Tools ] Made a small tool to disable Intel AMT on Windows. Runs on both x86 and x64 Windows operating systems: https://t.co/0QYYHtnDUr

" Disable-Intel-AMT - 一个禁用 Intel AMT 的工具： https://github.com/bartblaze/Disable-Intel-AMT "
Florian Roth @cyb3rops

[ Tools ] certitude Python-based tool which aims at assessing the compromised perimeter during IR assignments https://github.com/CERT-W/certitude

" CERTitude - 应急响应处理时用于判断机器是否已经被攻破的工具： https://github.com/CERT-W/certitude "
Binni Shah @binitamshah

[ Vulnerability ] TLS verification vulnerability in LibreSSL 2.5.1-2.5.3 : http://seclists.org/oss-sec/2017/q2/145

" LibreSSL v2.5.1 - v2.5.3 存在 TLS 验证漏洞（CVE-2017-8301）： http://seclists.org/oss-sec/2017/q2/145 "
dukeBarman @dukebarman

[ Vulnerability ] Technical details of CVE-2017-5689 #Intel #AMT https://twitter.com/_embedi_/status/860541834606632961

" Intel AMT Web 管理接口认证漏洞的分析： https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability "

2017/05/06