
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Details of how lokihardt used a Windows 10 Chrome libANGLE buffer-overflow vulnerability to escape the sandbox at Pwn2Own 2016 (with PoC): https://bugs.chromium.org/p/chromium/issues/attachment?aid=227798 https://bugs.chromium.org/p/chromium/issues/attachment?aid=227802
-
[ Browser ] WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal (CVE-2017-7061), from lokihardt: https://bugs.chromium.org/p/project-zero/issues/detail?id=1263
-
[ Browser ] V8 released version 6.2, mainly performance improvements; in addition, the FullCodeGen compiler was removed: https://v8project.blogspot.com.es/2017/09/v8-release-62.html
-
[ Conference ] Most of the talks from r2con 2017 have been made public: https://github.com/radareorg/r2con-2017/tree/master/talks
-
[ iOS ] A breakdown of Apple Touch ID; in addition, the new iPhone version will upgrade to Face ID: https://medium.com/@fstiehle/demystifying-apples-touch-id-4883d5121b77
-
[ IoTDevice ] Hacking the Xbox: http://bunniefoo.com/nostarch/HackingTheXbox_Free.pdf
-
[ MachineLearning ] Awesome Adversarial Machine Learning - a curated collection of material on adversarial machine learning: https://github.com/yenchenlin/awesome-adversarial-machine-learning
-
[ MalwareAnalysis ] Classifying malware with a fuzzy hash based on the control flow graph (CFG), from the r2con conference: https://github.com/radareorg/r2con-2017/blob/master/talks/cfg-fuzzy-hash/Machoke-cfg-based-fuzzy-hash.pdf
-
[ Others ] Analysis of a hacked WordPress server: https://www.codemetrix.net/examining-a-hacked-php-server/ https://t.co/y8OMnmoaSC
-
[ Pentest ] Bypassing domain control verification with DNS response spoofing: https://labs.detectify.com/2017/09/11/guest-blog-bypassing-domain-control-verification-with-dns-response-spoofing/
-
[ Pentest ] Lateral movement using Excel.Application and DCOM: https://posts.specterops.io/lateral-movement-using-excel-application-and-dcom-enigma0x3-on-wordpress-com-d11d56e504dc
-
[ Tools ] lan-monitor - displays LAN status on a web page based on NMAP scan results: https://github.com/KruDex/lan-monitor
-
[ Tools ] Siofra - DLL hijacking vulnerability scanner and PE infection tool: https://github.com/falexorr/Siofra
-
[ Windows ] Network defense measures based on the Windows Event Forwarding mechanism; we previously also pushed a Microsoft article, "Intrusion Detection Based on Windows Event Forwarding": https://medium.com/@palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f https://docs.microsoft.com/en-us/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection
-
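[ Windows ] Last week we pushed "Windows PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear", which noted that a bug in PsSetLoadImageNotifyRoutine can cause many antivirus products to obtain an incorrect file name for a loaded module, so that detection fails. Yesterday the author followed up with Part 2: https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-2/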
-
[ Browser ] Google's brief introduction to Safe Browsing, the technology protecting 3 billion devices: https://security.googleblog.com/2017/09/safe-browsing-protecting-more-than-3_11.html
-
[ Industry News ] Why is North Korea so interested in Bitcoin? From FireEye: https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html
-
[ Industry News ] Chrome plans to stop trusting Symantec certificates: https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
-
[ Industry News ] According to Check Point security researchers, the Linux shell built into Windows 10 can be abused to hide malware: https://motherboard.vice.com/en_us/article/xwwexa/windows-10s-built-in-linux-shell-could-be-abused-to-hide-malware-researchers-say
-
[ Linux ] grsecurity-101-tutorials - PaX/Grsecurity tutorials for beginners: https://github.com/hardenedlinux/grsecurity-101-tutorials
-
[ OpenSourceProject ] Two remote code execution vulnerabilities (CVE-2017-2923, CVE-2017-2924) were found in the FreeXL library: http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-talos-2017.html
-
[ SecurityProduct ] QuickHeal AV crashes on malicious RAR files from 2013: https://bugs.chromium.org/p/project-zero/issues/detail?id=1280&desc=2
-
[ Tools ] grsecurity-101-tutorials - PaX/Grsecurity tutorials for beginners: https://github.com/hardenedlinux/grsecurity-101-tutorials
-
[ Web Security ] The Road To HSTS(HTTP Strict Transport Security): https://engineeringblog.yelp.com/2017/09/the-road-to-hsts.html
-
[ Windows ] Microsoft's documentation on the Windows Defender Exploit Guard protection mechanisms: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard
-
[ Windows ] Secure WCF programming as seen through a vulnerability that was patched three times, from Danny_Wei of Tencent Xuanwu Lab: http://xlab.tencent.com/cn/2017/09/11/safe-coding-of-wcf-viewed-from-a-longlive-vulnerability/