腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/09/07

[ Browser ] Safari 技术预览版 39 发布： https://webkit.org/blog/7913/release-notes-for-safari-technology-preview-39/
[ Industry News ] 域名同型字攻击（IDN homograph）被用于传播 BETABOT 后门： https://threatpost.com/idn-homograph-attack-spreading-betabot-backdoor/127839/
[ Malware ] 有恶意样本开始粗暴地调用 taskkill.exe /IM <string> /T /F 枚举杀软进程，被杀的进程列表如下： https://blog.rootshell.be/2017/09/06/interesting-list-windows-processes-killed-malicious-software/
[ Others ] KleeFL - Seeding fuzzers with symbolic execution，为 Fuzzer 增加符号执行的支持： https://github.com/julieeen/kleefl
[ Vulnerability ] SCADA 应用 Jungo’s DriverWizard WinDriver（windrvr1240.sys）驱动越界写漏洞的利用： http://srcincite.io/blog/2017/09/06/sharks-in-the-pool-mixed-object-exploitation-in-the-windows-kernel-pool.html
[ Vulnerability ] 在 NVIDIA、Qualcomm、Huawei 的 bootloader 中发现多个漏洞： https://threatpost.com/multiple-vulnerabilities-found-in-nvidia-qualcomm-huawei-bootloaders/127833/
[ Windows ] 从防御的角度看 AD 环境基于 ACL 的攻击 - Hunting With Active Directory Replication Metadata： https://posts.specterops.io/hunting-with-active-directory-replication-metadata-1dab2f681b19

[ Browser ] 通过 x11 视窗系统实现 Linux Tor Sandbox 的逃逸： https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2
[ Browser ] Tor 开发团队发布安卓上的 Tor 浏览器 Orfox： https://threatpost.com/tor-project-brings-security-slider-feature-to-android-app-orfox/127849/
[ Browser ] Microsoft Edge, Google Chrome 及 Apple Safari CSP 绕过 (CVE-2017-5033 、CVE-2017-2419) ： http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-content.html
[ Firmware ] FIRMWARE EXPLOITATION WITH JEB:（Part 1）： https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-1/ (Part 2)： https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-2/ (Part 3)： https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-3-reversing-the-smartrgs-sr505n/
[ IoTDevice ] Wireless IP Camera (P2P) WIFICAM 无线摄像头的多个高危漏洞详情： https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
[ MalwareAnalysis ] Analysing a 10-Year-Old SNOWBALL： https://researchcenter.paloaltonetworks.com/2017/09/unit42-analysing-10-year-old-snowball/
[ MalwareAnalysis ] 基于资源消耗情况的统计实现 Android 恶意软件家族的分类： https://arxiv.org/pdf/1709.00875.pdf
[ Popular Software ] Malicious URI resolving in PDF documents， PDF 文档中 URI 解析中的危险。来自微博 redrain_QAQ： http://dl.acm.org/citation.cfm?id=2467304
[ Tools ] Syzygy - PE 文件的文件重写工具（Binary Rewriting），可以实现代码块分析和重构等功能： http://doar-e.github.io/blog/2017/08/05/binary-rewriting-with-syzygy/
[ Tools ] InfoCON - 专门收集各大信息安全会议资料的网站： https://infocon.org/cons/
[ Tools ] FrauDroid - 一个精确的大规模自动化广告欺诈检测的方法： https://arxiv.org/pdf/1709.01213.pdf
[ Web Security ] 滥用 .htaccess 实现 Web 漏洞的利用： https://medium.com/@insecurity_92477/utilizing-htaccess-for-exploitation-purposes-part-1-5733dd7fc8eb
[ Web Security ] CORS（跨域资源共享）是否过时？： https://www.bishopfox.com/blog/2017/09/is-cors-becoming-obsolete/

2017/09/07