腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/05/18

Mike_Mimoso @Mike_Mimoso

[ APT ] .#APT3 Linked to Chinese Ministry of State Security: https://threatpost.com/apt3-linked-to-chinese-ministry-of-state-security/125750/ via @ threatpost

" Recorded Future 发布了一份报告，分析中.国与 APT.3 攻击组织之间的联系： https://t.co/t6IDQc7vkw "
Security Art Work @Securityartwork

[ Industry News ] "New Pirates of the Caribbean movie leaked online after hackers fail to extort money" https://www.grahamcluley.com/new-pirates-caribbean-movie-leaked-online-hackers-fail-extort-money/

" 昨天推送了黑客威胁迪士尼为加勒比海盗五交勒索金的事件。而昨天晚些时候，黑客因为没有收到钱，直接将电影公开了，放到了海盗湾 BT 站上： https://www.grahamcluley.com/new-pirates-caribbean-movie-leaked-online-hackers-fail-extort-money/ "
Chris Evans @scarybeasts

[ Linux ] [blog] Further hardening glibc malloc() against single byte overflows https://scarybeastsecurity.blogspot.com/2017/05/further-hardening-glibc-malloc-against.html

" 进一步加固 glibc malloc()，缓解单字节溢出对抗 64 位系统 ASLR 的问题： https://t.co/Uew51HutVc "
Project Zero Bugs @ProjectZeroBugs

[ macOS ] MacOS uses an insecure swap file https://bugs.chromium.org/p/project-zero/issues/detail?id=1131

" macOS 系统 Root 用户可以直接写 swap 内存交换文件(/private/var/vm/swapfile0)（CVE-2017-2494）： https://bugs.chromium.org/p/project-zero/issues/detail?id=1131 "
TrendLabs @TrendLabs

[ Malware ] New post: After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit http://bit.ly/2qrG4dU @ TrendMicro

" 多款恶意软件都看上了 EternalBlue(MS17-010)，趋势科技检测到了一款利用这个漏洞的新勒索软件 - UIWIX，UIWIX 具有反调试和沙盒虚拟机探测功能： https://t.co/Uqc6gUaITJ "
Matthew Risck @Mateusz_Jozef

[ Popular Software ] Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce

" Oracle PeopleSoft 远程代码执行漏洞分析与利用：从 BLIND XXE 到 SYSTEM SHELL（CVE-2013-3821）： https://t.co/dyWnq07Av5 "
Sucuri @sucurisecurity

[ Popular Software ] Details about the SQL Injection Vulnerability in #Joomla! 3.7. Update your sites to v. 3.7.1 ASAP! https://t.co/wLL00fSH4l by @MarcS0h

" Joomla! 3.7 SQL 注入漏洞详情(CVE-2017-8917)： https://t.co/wLL00fSH4l "
Artem I. Baranov @artem_i_baranov

[ Rootkit ] GrayFish rootkit analysis http://artemonsecurity.blogspot.com/2017/05/grayfish-rootkit-analysis.html

" 方程式组织的 GrayFish Rootkit 分析： http://artemonsecurity.blogspot.hk/2017/05/grayfish-rootkit-analysis.html "
Binni Shah @binitamshah

[ Rootkit ] Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access : https://www.slideshare.net/IgorKorkin/detect-kernelmode-rootkits-via-real-time-logging-controlling-memory-access , Paper : https://0bb29b31-a-62cb3a1a-s-sites.googlegroups.com/site/igorkorkin/cdfsl17_paper_tanda_korkin.pdf?attachauth=ANoY7coC9UAU5jfo172RIa7Vx-zCEVMYQrDdnQMM_UVH3M7GJEuj-75VcZNry3V81RjMXuzlp3wTDwya2nXr9T0nzBhac5_GYpV-NsKn3ibTM_kpjCLDo18YmjJoQ2PE8SQuCfLhpgvH8NfRyhuSxW51bR49LuweUQA7AqrbvUNwJvWFodbqwNdJ_Qoywn4dpCB8s46qihhHTeZFYs7q8oi3SXjn2oJpxVJy5s-x4ccYp9es51F4ebk%3D&attredirects=0

" 利用基于 Intel VT 的内存控制和分析技术检测内核态的 RootKit： https://www.slideshare.net/IgorKorkin/detect-kernelmode-rootkits-via-real-time-logging-controlling-memory-access Paper: https://sites.google.com/site/igorkorkin/cdfsl17_paper_tanda_korkin.pdf?attredirects=1 "
Binni Shah @binitamshah

[ Rootkit ] RootKits-List-Download : This is the list of all rootkits found so far on github and other sites : https://github.com/d30sa1/RootKits-List-Download

" 开源 RootKits 收集： https://t.co/c4Yrh0kxuw "
Casey Smith @subTee

[ Tools ] Anyone have .NET guidance on preventing your application from being profiled? Some here... https://github.com/0xd4d/antinet

" antinet - 用于 .NET 环境中 Anti-Debugger 和 Anti-Profiler 的代码实现： https://t.co/CPxIAFW5CW "
James Forshaw @tiraniddo

[ Tools ] Updated NtObjectManager PS Module https://www.powershellgallery.com/packages/NtObjectManager/1.0.4 and also NuGet'd NtApiDotNet https://www.nuget.org/packages/NtApiDotNet/1.0.4 saves time writing PoCs :-)

" NtObjectManager - James Forshaw 写的一个用于访问对象管理器的 PowerShell 工具库： https://www.powershellgallery.com/packages/NtObjectManager/1.0.4 "
Binni Shah @binitamshah

[ Tools ] ssh-mitm : SSH MITM tool : https://github.com/jtesta/ssh-mitm

" ssh-mitm - SSH 中间人攻击工具： https://github.com/jtesta/ssh-mitm "
Project Zero Bugs @ProjectZeroBugs

[ Windows ] Windows: Running Object Table Register ROTFLAGS_ALLOWANYCLIENT EoP https://bugs.chromium.org/p/project-zero/issues/detail?id=1112

" Windows: Running Object Table Register ROTFLAGS_ALLOWANYCLIENT EoP（CVE-2017-0214）： https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 "
Project Zero Bugs @ProjectZeroBugs

[ Windows ] Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP https://bugs.chromium.org/p/project-zero/issues/detail?id=1107

" Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP（CVE-2017-0213）： https://bugs.chromium.org/p/project-zero/issues/detail?id=1107 "

XuanwuSpider via 网安国际

[ ] Towards Efficient Heap Overflow Discovery - 基于执行路径离线分析漏洞挖掘方案以及原型系统 HOTracer： http://mp.weixin.qq.com/s/Ren41JKOghb2XNhyZbVN6w
XuanwuSpider via 网安国际

[ Others ] 伪基站电信诈骗的大规模识别与定位： http://mp.weixin.qq.com/s/l4e2QUFAnk-HmMV4oylU8A
XuanwuSpider via shhnjk.blogspot.com

[ Popular Software ] 滥用 iBooks ePub reader 执行 JS 实现敏感用户信息泄露漏洞（CVE-2017-2497）： https://shhnjk.blogspot.com/2017/05/is-your-epub-reader-secure-enough.html
XuanwuSpider via FreeBuf

[ Tools ] T-Pot 开源多蜜罐平台：让蜜罐实现更简单： http://www.freebuf.com/sectool/134504.html
XuanwuSpider via 安全客

[ Windows ] 如何利用.NET托管的DCOM实现权限提升，来自华为未然实验室对 Project Zero Blog 的翻译： http://bobao.360.cn/learning/detail/3866.html

2017/05/18