
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Backdoor ] Introduction to Manual Backdooring : https://drive.google.com/file/d/0BzTMVvQpyo1bN2JOM1ZfVmVGRFU/preview , Mirror : https://www.exploit-db.com/docs/42061.pdf (pdf) cc @abatchy17
" How to manually implant a backdoor in a PE file: https://t.co/rKpiP33yPV "
-
[ Browser ] Same question goes for #v8; I'd like to see what code they generate for various input. https://twitter.com/berendjanwever/status/867721975023755265
" How to dump the bytecode generated by the ChakraCore engine: https://t.co/LAdXpPIi9B "
-
[ Browser ] WebKitGTK+ Security Advisory WSA-2017-0004 https://webkitgtk.org/security/WSA-2017-0004.html
" WebKitGTK+ released a security advisory yesterday fixing multiple vulnerabilities: https://t.co/A8geg8fq97 "
-
[ Browser ] Mozilla Firefox: Memory disclosure in ConvolvePixel https://bugs.chromium.org/p/project-zero/issues/detail?id=1185
" Mozilla Firefox: Memory disclosure in ConvolvePixel (CVE-2017-5465): https://t.co/dwzBnngXw2 "
-
[ Browser ] Mozilla Firefox: out-of-bounds read in gfxTextRun https://bugs.chromium.org/p/project-zero/issues/detail?id=1160
" Mozilla Firefox: out-of-bounds read in gfxTextRun (CVE-2017-5447): https://t.co/yUssY9vIYq "
-
[ Conference ] At last ! Here is the list of selected talks for REcon Montreal 2017: https://recon.cx/2017/montreal/news/2017/05/24/Talks-Announced.html
" The list of talks for the REcon 2017 conference has been announced: https://t.co/yChklQV1X1 "
-
[ Industry News ] NSA EsteemAudit exploit could trigger a new WannaCry-like attack http://securityaffairs.co/wordpress/59450/hacking/nsa-esteemaudit-exploit-patch.html
" enSilo researchers believe the leaked NSA EsteemAudit exploit, which targets port 3389, could also trigger a WannaCry-like attack: https://t.co/k69ygTJBEd "
-
[ IoTDevice ] SoK: Exploiting Network Printers https://www.ieee-security.org/TC/SP2017/papers/64.pdf
" SoK: Exploiting Network Printers, from the IEEE S&P 2017 conference: https://t.co/Xi2PVphYtB "
-
[ Malware ] Master Keys for Crysis ransomware released on a forum http://securityaffairs.co/wordpress/59427/malware/crysis-ransomware-decripting-tool.html
" Someone posted 200 master keys for the latest Crysis ransomware variant on the BleepingComputer.com forum: https://t.co/n3bqKKxNDa "
-
[ Malware ] A Rising Trend: How Attackers are Using LNK Files to Download Malware http://blog.trendmicro.com/trendlabs-security-intelligence/rising-trend-attackers-using-lnk-files-download-malware/
" Trend Micro has found that attacks combining LNK shortcut files with PowerShell to download malware are on the rise: https://t.co/VZzH7qQz4O "
-
[ MalwareAnalysis ] Dridex: A History of Evolution https://securelist.com/analysis/publications/78531/dridex-a-history-of-evolution/
" The evolution of the Dridex banking trojan; in 2015 alone it caused losses of over 40 million USD, from Kaspersky: https://t.co/V7k7v0tG1h "
-
[ Others ] Skia Graphics Library: heap overflow due to rounding error in SkEdge::setLine https://bugs.chromium.org/p/project-zero/issues/detail?id=1155
" Skia Graphics Library: heap overflow due to rounding error in SkEdge::setLine: https://t.co/BbhvjBf4zR "
-
[ Others ] Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits https://www.ieee-security.org/TC/SP2017/papers/579.pdf
" Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits. How to quickly replace the shellcode in someone else's exploit; the authors propose the ShellSwap method, from the IEEE S&P 2017 conference: https://t.co/O0O7enY39X "
-
[ Others ] Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping https://www.ieee-security.org/TC/SP2017/papers/121.pdf
" Using the 'Bit-precise Symbolic Loop Mapping' technique to identify cryptographic functions in obfuscated binaries, from the IEEE S&P 2017 conference: https://t.co/X6dNHOwLSd "
-
[ Others ] If you like kernel security or the Bochspwn project, feel invited to my Bochspwn Reloaded talk at @reconmtl and… https://twitter.com/i/web/status/867856321831256064
" j00ru will present at BlackHat USA 2017 on using Bochspwn / x86 emulation / taint tracking to detect information leaks in the kernel: https://t.co/hUTz5InBD1 "
-
[ SecurityProduct ] New post: Database Firewall from Scratch https://raz0r.name/talks/database-firewall-from-scratch/
" Building a database firewall from scratch: https://raz0r.name/talks/database-firewall-from-scratch/ "
-
[ SecurityReport ] Tainted Leaks: Disinformation and Phishing With a Russian Nexus https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
" Tainted Leaks - a phishing and disinformation campaign with a Russian nexus, from an investigative report published by Citizen Lab: https://t.co/zBXc9C8hOd "
-
[ Tools ] That Is Not My Child Process! | by Didier Stevens | https://blog.didierstevens.com/2017/03/20/that-is-not-my-child-process/
" SelectMyParent - a Windows command-line tool written by Didier Stevens; a process created with it can be given an arbitrary parent process: https://t.co/dUDiD3dw9Z "
-
[ Tools ] Another new macOS keychain cracker https://github.com/macmade/KeychainCracker by @macmade The other one is https://github.com/n0fate/chainbreaker by @n0fate
" Two tools for cracking the macOS Keychain: KeychainCracker: https://t.co/dfgbr9dcWi chainbreaker: https://github.com/n0fate/chainbreaker "
-
[ Windows ] MsMpEng: Multiple problems handling ntdll!NtControlChannel commands https://bugs.chromium.org/p/project-zero/issues/detail?id=1260
" MsMpEng: Multiple problems handling ntdll!NtControlChannel commands; the ntdll!NtControlChannel implementation in MsMpEng's x86 emulator has vulnerabilities in its command handling: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 "
-
[ Android ] Tunneling into the intranet: Android trojans enter an advanced attack stage (part 2): http://blogs.360.cn/360mobile/2017/05/25/analysis_of_milkydoor/
-
[ Browser ] Vulnerability discovery and defense in the JavaScript bindings layer, from the IEEE S&P 2017 conference: https://www.ieee-security.org/TC/SP2017/papers/16.pdf
-
[ Fuzzing ] Skyfire: Data-Driven Seed Generation for Fuzzing, data-driven seed file generation for the fuzzing process: https://www.ieee-security.org/TC/SP2017/papers/42.pdf
-
[ Others ] Analysis of DCOM Lateral Movement Using MMC20.Application: http://thenegative.zone/incident%20response/2017/02/04/MMC20.Application-Lateral-Movement-Analysis.html http://thenegative.zone/incident%20response/2017/03/02/Memory-Analysis-of-MMC20.Application-Lateral-Movement.html
-
[ Tools ] File2pcap - a tool that takes an arbitrary file and generates a pcap traffic capture from it, supporting multiple protocols: http://blog.talosintelligence.com/2017/05/file2pcap.html
-
[ Vulnerability ] In the Samba vulnerability, locating the path of the uploaded .so is not easy. Tavis found a method: /proc/%u/cwd/foo.so: https://twitter.com/taviso/status/867554062291484672
-
[ Vulnerability ] Zimperium, which focuses on acquiring vulnerabilities, has disclosed details of another vulnerability, this time an elevation-of-privilege bug in the NVIDIA nvhost-vic driver (CVE-2016-2434); last time it was two Android driver vulnerabilities: https://blog.zimperium.com/nday-2017-0106-elevation-of-privilege-in-nvidia-nvhost-vic-driver/