腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/05/27

Renwei Ge @RatedG4E

[ Conference ] Slides available here, https://qct-qualcomm.secure.force.com/QCTConference/servlet/servlet.FileDownload?file=015a0000002ncVu

" 高通 2017 移动安全峰会的几个议题资料公开了：公开议题总览： https://qct-qualcomm.secure.force.com/QCTConference/GenericSitePage?eventname=2017Security&page=Presentations 《亲爱的，你的攻击面被我砍掉了 - Android 安全加固实战》： https://qct-qualcomm.secure.force.com/QCTConference/servlet/servlet.FileDownload?file=015a0000002ncVu 《Hardware Root of Mistrust》： https://qct-qualcomm.secure.force.com/QCTConference/servlet/servlet.FileDownload?file=015a0000002ncVk ; 《syzkaller - 下一代内核 Fuzzer》： https://qct-qualcomm.secure.force.com/QCTConference/servlet/servlet.FileDownload?file=015a0000002ncW9 "
hasherezade @hasherezade

[ Malware ] I wrote a short post: "Hijacking extensions handlers as a #malware persistence method": https://hshrzd.wordpress.com/2017/05/25/hijacking-extensions-handlers-as-a-malware-persistence-method/

" 恶意软件劫持扩展名处理程序以持久控制系统： https://t.co/OSAYl1kU73 "
Nicolas Krassas @Dinosn

[ Others ] Building Searchable Encrypted Databases with PHP and SQL https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql

" 使用 PHP 与 SQL 搭建可搜索的加密数据库： https://t.co/6jBHDHGRwi "
Mike_Mimoso @Mike_Mimoso

[ Others ] Phishing campaigns abusing trust in HTTPS. https://threatpost.com/rash-of-phishing-attacks-use-https-to-con-victims/125937/

" 利用普通用户对HTTPS协议的信任，越来越多的钓鱼攻击都在使用HTTPS： https://t.co/mIVLRk36e2 "
Binni Shah @binitamshah

[ Protocol ] SSL and TLS Deployment Best Practices : https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

" SSL及TLS部署实践： https://t.co/xUeM7c3VEi "
Nicolas Krassas @Dinosn

[ Tools ] CVE-2017-7494 - Detection Scripts https://github.com/Waffles-2/SambaCry

" SambaCry: CVE-2017-7494 Samba 远程代码执行漏洞的 Nmap 检测脚本： https://github.com/Waffles-2/SambaCry "
NCC Group US InfoSec @NCCsecurityUS

[ Tools ] [New Tool] Modify the asset portions of #Android apps on the fly without modifying the APK in our new tool AssetHook https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/may/assethook-a-redirector-for-android-asset-files-using-old-dogs-and-modern-tricks/

" AssetHook - NCC Group 开源的一个 Android App Asset 资源数据运行时编辑工具，利用这个工具安全研究者可以更方便地测试 Android App，而且不需要修改 APK 本身： https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/may/assethook-a-redirector-for-android-asset-files-using-old-dogs-and-modern-tricks/ Github： https://github.com/nccgroup/assethook "
maldevel ☣ @maldevel

[ Tools ] sheep-wolf – Exploit MD5 Collisions For Malware Detection https://www.darknet.org.uk/2017/05/sheep-wolf-exploit-md5-collisions-for-malware-detection/

" sheep-wolf: MD5 碰撞利用工具，可生成两个相同 MD5 的可执行文件，一个是好的(sheep)，一个是坏的(wolf)，利用 MD5 白名单绕过杀软检测： https://t.co/yCBXpWKhi9 "
NCC Group Infosec @NCCGroupInfosec

[ Tools ] NCC Group #Kubernetes Auto Analyzer https://github.com/nccgroup/kube-auto-analyzer for Security against the @ CISecurity std by @ raesene #CyberSecurity #containers

" kube-auto-analyzer: Kubernetes 配置自动化分析工具： https://t.co/z3d8lRohIg "
Christian @winscripting

[ Tools ] Fodhelper.exe UAC bypass added to the UACMe project. https://github.com/hfiref0x/UACME Thanks to: @ hFireF0X #fodhelper #uacbypass

" hfiref0x 开源的 UAC 对抗工具 UACMe 一直在更新，ReadeME 列表中列出了 30 多种方法： https://github.com/hfiref0x/UACME "
Nicolas Krassas @Dinosn

[ Windows ] InjectProc - Process Injection Techniques https://github.com/secrary/InjectProc

" InjectProc - 常用 Windows 进程注入技术示例代码： https://github.com/secrary/InjectProc "
Infiltrate @InfiltrateCon

[ Windows ] Here's another one from INFILTRATE 2017: COM in Sixty Seconds! (well minutes more likely) - @tiraniddo https://t.co/pBtCAWd86B

" James Forshaw 在 Infiltrate 2017 会议的演讲《60 秒了解 COM 的内幕与攻击面》的现场视频: https://t.co/pBtCAWd86B https://t.co/gu3Y9WxrXP "
James Forshaw @tiraniddo

[ Windows ] So the final part 3 of my UAC journey has been posted. How to exploit the UAC issue on Windows 10. https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html

" Reading Your Way Around UAC - James Forshaw 昨天连续发了 3 篇 Blog，介绍他的 UAC Bypass 技术： part-1： https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html part-2： https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html part-3： https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html "

XuanwuSpider via AloneMonkey AloneMonkey AloneMonkey alonemonkey 's blog

[ Debug ] 关于反调试&反反调试那些事： http://www.alonemonkey.com/2017/05/25/antiantidebug/
XuanwuSpider via seebug

[ Debug ] PhpStorm Xdebug远程调试环境搭建原理分析及问题排查: http://paper.seebug.org/308/
XuanwuSpider via Github

[ Firmware ] firmware-security-training - McAfee 安全研究团队公开了一套关于固件安全的培训资料，帮助大家从攻击者和防御者的角度了解 BIOS/UEFI 系统固件的安全性： https://github.com/advanced-threat-research/firmware-security-training
XuanwuSpider via Seebug

[ Sandbox ] GIT-SHELL 沙盒绕过（CVE-2017-8386），来自 Seebug 的译文: http://paper.seebug.org/309/#0-tsina-1-87873-397232819ff9a47a7b7e80a40613cfe1

2017/05/27