腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/05/31

theshadowbrokers @shadowbrokerss

[ Industry News ] TheShadowBrokers Monthly Dump Service – June 2017 — Steemit https://steemit.com/shadowbrokers/@ theshadowbrokers/theshadowbrokers-monthly-dump-service-june-2017 #shadowbrokers #equationgroup

" ShadowBrokers 组织的付费订阅模式开始了： https://t.co/jrAFZu8ieu "
Nicolas Krassas @Dinosn

[ Linux ] Linux kernel: stack buffer overflow with controlled payload in get_options() function http://seclists.org/oss-sec/2017/q2/344

" Linux 内核命令行解析 get_options 栈缓冲区溢出漏洞： https://t.co/RiXy3Jw43a "
Daniel Bilar @daniel_bilar

[ Linux ] WIP ebook on heap internals (glibc 'malloc' & 'free') & intro to heap exploitation https://heap-exploitation.dhavalkapil.com/ [see… https://t.co/cjDUssqFUO

" Glibc Heap Exploitation（在线电子书），介绍的是 glibc 内存的申请和释放的内幕，以及堆利用的一些技术： https://t.co/wsQb8WfKvp "
x0rz @x0rz

[ Linux ] Linux sudo's get_process_ttyname() root privilege escalation (CVE-2017-1000367) http://www.openwall.com/lists/oss-security/2017/05/30/16 #linux… https://t.co/fn156kxllX

" Linux Sudo get_process_ttynam() Root 本地提权漏洞（CVE-2017-1000367）： http://www.openwall.com/lists/oss-security/2017/05/30/16 "
l0ss @mikeloss

[ Others ] Best. Citrix. Escape. Ever. https://www.pentestpartners.com/security-blog/breaking-out-of-citrix-and-other-restricted-desktop-environments https://t.co/iEwgUUTyf7

" Citrix 及其他桌面受限虚拟化环境的逃逸，这类桌面虚拟化方案用于为应用提供一个受限的执行环境： https://t.co/msK70Vo9fi "
Nicolas Krassas @Dinosn

[ SecurityProduct ] [webapps] Trend Micro Deep Security version 6.5 - XML External Entity Injection/ Remote Code Execution https://www.exploit-db.com/exploits/42089/

" Trend Micro Deep Security V6.5 XXE实体化注入漏洞/本地提权漏洞/远程代码执行漏洞 PoC： https://t.co/Jyv8APt0zz "
Binni Shah @binitamshah

[ Tools ] expdevBadChars - Bad Characters highlighter for exploit development : https://howucan.gr/scripts-tools/2198-expdevbadchars-bad-characters-highlighter-for-exploit-development/

" expdevBadChars - 漏洞利用开发中的 Bad Characters 高亮工具： https://t.co/NZ8TcJ6dls "
Nicolas Krassas @Dinosn

[ Tools ] Avast releases decryptor tool for AES_NI ransomware https://blog.avast.com/avast-releases-decryptor-tool-for-aes_ni-ransomware

" Avast 发布了针对 AES_NI 勒索软件的解密程序： https://t.co/9PT6AaSykX "
Summit Route @SummitRoute

[ Tools ] Learn about "Free tools for auditing the security of an AWS account" in my latest post: https://summitroute.com/blog/2017/05/30/free_tools_for_auditing_the_security_of_an_aws_account/ https://t.co/ULRpnjMgxU

" 审计 AWS 账户安全性的免费工具介绍： https://t.co/eZnd90oFGZ "
Dennis Yurichev @yurichev

[ Tools ] Using PIN DBI for XOR interception https://yurichev.com/blog/PIN_XOR/

" 利用 Intel 二进制插桩工具（DPI）劫持所有的 XOR 指令： https://t.co/NoV35ykcvI "
Nicolas Krassas @Dinosn

[ Vulnerability ] Cross-origin brute-forcing of Github SAML and 2FA recovery codes http://blog.intothesymmetry.com/2017/05/cross-origin-brute-forcing-of-saml-and.html

" 跨域爆破 GitHub SAML 和双因素认证的还原码： https://t.co/pGCEYEP2kz "
Binni Shah @binitamshah

[ Vulnerability ] Everything you need to know about the new Split Tunnel SMTP Exploit : https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/ https://t.co/JKq1v27X14

" Split Tunnel SMTP Exploit - Bypass 邮件网关，利用邮件加密套件的漏洞直接向邮件服务器注入恶意 Payload： https://t.co/wxNIczcLx2 https://t.co/JKq1v27X14 "
Binni Shah @binitamshah

[ Windows ] A PoC Demonstrating how UAC was Fundamentally Broken from Day 1 : https://gist.github.com/tyranid/9ffef5962a642d4a1bb8e4ee7e3bebc5

" 在 Vista+ 系统上 Bypass UAC 的 PowerShell 脚本： https://t.co/mPVeBScRzy "
Binni Shah @binitamshah

[ Windows ] Starting with Windows Kernel Exploitation (Part 1) – Setting up the lab : https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/

" 学习 Windows 内核漏洞利用第1部分搭建实验环境： https://t.co/DZJ51jOmle "
x0rz @x0rz

[ Windows ] Windows MsMpEng remotely exploitable UaF due to design issue in GC engine (CVE-2017-8540) https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 #vulnerability #windows

" GC 引擎的设计问题导致的 Windows MsMpEng 的远程 UAF（CVE-2017-8540）： https://t.co/EWM739NZZA "

XuanwuSpider via nccgroup

[ Defend ] 来自内部员工的威胁以及如何防御，来自 NCC Group 的 Paper： https://www.nccgroup.trust/uk/our-research/understanding-the-insider-threat-and-how-to-mitigate-it/
XuanwuSpider via www.dfir.training

[ Forensics ] DFIR 网站收集的安全工具列表，以取证为主，也有一些其他方向的工具： http://www.dfir.training/index.php/tools/malware-analysis/371-cuckoo-sandbox
XuanwuSpider via 看雪论坛

[ macOS ] macOS 10.12.2本地提权和XNU port 堆风水： https://mp.weixin.qq.com/s/BtRoG4b4sNauaia-8jmL2g
XuanwuSpider via Innovera 公开的一份关于移动安全渗透测试的研究报告，介绍了移动安全渗透测试时常用的工具、并有结合 DIVA(Damn Insecure and Vulnerable App) 实验环境的实践： https://www.exploit-db.com/docs/42080.pdf www.exploit-db.com

[ Mobile ] Innovera 公开的一份关于移动安全渗透测试的研究报告，介绍了移动安全渗透测试时常用的工具、并有结合 DIVA(Damn Insecure and Vulnerable App) 实验环境的实践： https://www.exploit-db.com/docs/42080.pdf
XuanwuSpider via Github

[ Tools ] SSL 中间人劫持小工具，C# 实现，采用子签名 CA 证书： https://gist.github.com/subTee/61b8e7852e5ed8212cddd039285ea324
XuanwuSpider via delxu.blog.51cto.com

[ Virtualization ] 图解VMware内存机制： http://delxu.blog.51cto.com/975660/288682
XuanwuSpider via www.cnblogs.com

[ Vulnerability ] RuntimeBroker ClipboardBroker EoP 漏洞的分析(CVE-2017-0211)： http://www.cnblogs.com/Danny-Wei/p/6869115.html
XuanwuSpider via seclists.org

[ Vulnerability ] 开源 RADIUS 认证服务器 FreeRADIUS Server 刚刚修复了一个远程可以利用的漏洞，该漏洞与 TLS Session Cache 有关：《CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass》： https://t.co/wK5OCQzmko http://seclists.org/oss-sec/2017/q2/342

2017/05/31