
Tencent Xuanwu Lab Security Daily News
-
[ Exploit ] Writeup for the "Split" challenge on ROP Emporium, a site dedicated to ROP techniques: https://medium.com/@iseethieves/intro-to-rop-rop-emporium-split-9b2ec6d4db08
-
[ Linux ] linux_kernel_cves - Linux kernel CVE tracker: https://github.com/nluedtke/linux_kernel_cves
-
[ Linux ] Stack memory corruption vulnerability in the Linux kernel's PIE ELF loader; successful exploitation allows privilege escalation (CVE-2017-1000253): https://access.redhat.com/security/vulnerabilities/3189592 https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
-
[ MalwareAnalysis ] ZNIU - Trend Micro discovered a piece of malware that exploits the Linux kernel Dirty COW vulnerability to attack Android phones, and attributes it to a domestic (China-based) cybercrime group: http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/ http://weibo.com/2255436844/FnHBwFWPb http://blog.tetrane.com/2017/09/dirtyc0w-1.html https://github.com/virqdroid/Android_Malware/tree/master/DirtyCow-trj
-
[ MalwareAnalysis ] Trend Micro's brief analysis of network-based ATM malware attack methods: http://blog.trendmicro.com/trendlabs-security-intelligence/an-elaborate-atm-threat-crops-up-network-based-atm-malware-attacks/
-
[ Others ] Improving stateless hash-based signature schemes: https://eprint.iacr.org/2017/933.pdf
-
[ Vulnerability ] Project Zero yesterday disclosed a vulnerability in Broadcom Wi-Fi SoCs: "Broadcom: OOB write when handling 802.11k Neighbor Report Response" (CVE-2017-11120): https://bugs.chromium.org/p/project-zero/issues/detail?id=1289
-
[ Vulnerability ] IOActive's security analysis of mobile stock-trading apps found security issues in more than 20 apps; so far only two vendors have responded: http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html https://threatpost.com/mobile-stock-trading-app-providers-unresponsive-to-glaring-vulnerabilities/128144/
-
[ Vulnerability ] EMC Data Protection Advisor ScheduledReportResource command injection RCE (0day); chained with two other vulnerabilities it yields code execution with SYSTEM privileges (ZDI-17-812). From ZDI: https://www.zerodayinitiative.com/blog/2017/9/26/duck-assisted-code-execution-in-emc-data-protection-advisor
-
[ Windows ] Intrusion detection based on Windows ETW (Event Tracing for Windows), a talk by a Microsoft researcher at DerbyCon 2017. His two related articles on the Microsoft blog were covered in earlier issues: https://github.com/zacbrown/hiddentreasure-etw-demo/blob/master/zbrown-HiddenTreasureETW-DerbyCon7.pdf https://blogs.technet.microsoft.com/office365security/hidden-treasure-intrusion-detection-with-etw-part-1/ https://blogs.technet.microsoft.com/office365security/hidden-treasure-intrusion-detection-with-etw-part-2/
-
[ Windows ] Resources and code on exploiting HEVD (HackSys Extreme Vulnerable Driver) Windows kernel driver vulnerabilities, compiled by researcher akayn: https://github.com/akayn/demos
-
[ ] An ACE in the Hole - Stealthy Host Persistence via Security Descriptors: https://www.slideshare.net/harmj0y/an-ace-in-the-hole-stealthy-host-persistence-via-security-descriptors
-
[ Android ] Attacking Android applications with debuggers: https://blog.netspi.com/attacking-android-applications-with-debuggers/
-
[ Android ] Compiler-based privilege separation for third-party libraries on stock Android (paper): https://trust.cispa.saarland/~bugiel/publications/pdfs/bugiel17-ccs2.pdf
-
[ Browser ] Revealing the content of the address bar (IE). A script running inside an object tag in IE can obtain the address-bar contents of the top-level page: https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
-
[ Browser ] Pwn2Own 2017 Safari backup CVE-2017-7092 Exploit: https://github.com/xuechiyaobai/CVE-2017-7092-Exploit/blob/master/ooo.html
-
[ MalwareAnalysis ] Detailed analysis of malicious Hangul Word Processor files: https://www.lastline.com/labsblog/uncovering-nation-specific-targeted-attacks-without-knowing-korean/
-
[ Tools ] A WinDbg debugger extension written by Intel to assist with debugging using Intel Processor Trace features: https://software.intel.com/en-us/intel-system-studio-2018-windbg-pt-user-guide-windows
-
[ Vulnerability ] Exploiting Python PIL Module Command Execution Vulnerability: https://paper.seebug.org/405/
-