
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Microsoft Edge: ACG bypass using DuplicateHandle. Edge introduced the ACG (Arbitrary Code Guard) mitigation this year, moving JIT compilation into a separate JIT server process. Project Zero researcher ifratric found that a leftover JIT Server process handle in the Content process, combined with DuplicateHandle, is enough to gain full control of the JIT Server process: https://bugs.chromium.org/p/project-zero/issues/detail?id=1299
-
[ Linux ] 30 interesting Linux shell commands: https://www.lopezferrando.com/30-interesting-shell-commands/
-
[ macOS ] LuLu - an open-source macOS firewall from objective-see: https://github.com/objective-see/LuLu
-
[ Malware ] Premium SMS malware "ExpensiveWall" infects millions of Android devices: https://threatpost.com/premium-sms-malware-expensivewall-infects-millions-of-android-devices/127976/
-
[ Malware ] Hangul Word Processor and PostScript Abused Via Malicious Attachments: http://blog.trendmicro.com/trendlabs-security-intelligence/hangul-word-processor-postscript-abused-malicious-attachments/
-
[ Others ] Follow the Bitcoin With Python, BlockExplorer and Webhose.io: http://www.automatingosint.com/blog/2017/09/follow-the-bitcoin-with-python-blockexplorer-and-webhose-io/?utm_content=buffere465
-
[ Others ] Protecting applications and data on Azure Stack: https://azure.microsoft.com/en-us/blog/protecting-applications-and-data-on-azure-stack/
-
[ Pentest ] From SQLi to enterprise admin: https://www.notsosecure.com/anatomy-of-a-hack-sqli-to-enterprise-admin/
-
[ Popular Software ] Advanced Flash vulnerabilities in YouTube, Part 4: https://opnsec.com/2017/09/advanced-flash-vulnerabilities-in-youtube-part-4/
-
[ Tools ] InjectProc - a process injection tool: https://github.com/secrary/InjectProc
-
[ Tools ] ThunderShell - a PowerShell-based backdoor: https://github.com/Mr-Un1k0d3r/ThunderShell
-
[ Tools ] Building a honeypot network with Raspberry Pi, EC2 and MHN: http://www.h-i-r.net/2017/09/building-honeypot-army-pi-ec2-mhn.html
-
[ Tools ] IDA Pro 7.00 has finally been released; the biggest change is the move to 64-bit. Beyond that, the API has changed substantially and multi-language support is much improved (UTF-8 everywhere): https://www.hex-rays.com/products/ida/7.0/index.shtml https://www.hex-rays.com/products/ida/7.0/docs/api70_porting_guide.shtml
-
[ Vulnerability ] Palo Alto discovered a NULL pointer dereference in QEMU's hard disk controller emulator when handling the ATA_CACHE_FLUSH command (CVE-2017-12809): https://researchcenter.paloaltonetworks.com/2017/09/unit42-palo-alto-networks-discovers-new-qemu-vulnerability/
-
[ Windows ] Command and Control - Website Keyword: https://pentestlab.blog/2017/09/14/command-and-control-website-keyword/
-
[ Windows ] Bashware - a new way to bypass antivirus software. The technique abuses the WSL (Windows Subsystem for Linux) feature newly supported in Windows 10 to evade the detection and protection of existing AV products; from the Check Point blog: https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
-
[ Android ] Phones with Google Play installed include the Google Play Protect service, which has now added a SafetyNet Verify Apps API; developers can query the Verify Apps API for the security status of installed apps: https://android-developers.googleblog.com/2017/09/safetynet-verify-apps-api-google-play.html
-
[ Browser ] Building the DOM faster: speculative parsing, async, defer and preload. A series of optimizations Firefox uses to speed up DOM tree construction: https://hacks.mozilla.org/2017/09/building-the-dom-faster-speculative-parsing-async-defer-and-preload/
-
[ MalwareAnalysis ] In-depth analysis of the Android FlexiSpy spyware: http://www.fortiguard.com/events/2049/toorcon-19-san-diego-dig-deep-into-flexispy-for-android
-
[ SecurityProduct ] Insinuator found a bug in FireEye appliances. When the appliance runs in Live Mode, a malicious sample can connect directly to services running on the appliance itself, such as SSH, whereas normally these services are reachable only through the management network interface: https://insinuator.net/2017/09/fireeye-security-bug-connection-to-physical-host-and-adjacent-network-possible-during-analysis-in-live-mode/
-
[ Vulnerability ] Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter: http://blog.talosintelligence.com/2017/09/deep-dive-marklogic-exploitation.html
-
[ Vulnerability ] YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib: http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-yaml-remote.html
-