
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ APT ] FireEye's analysis of HAMMERTOSS, a backdoor used by the Russian threat group APT29: https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
-
[ Crypto ] Intel Multi-Key Total Memory Encryption (MKTME) architecture specification (Paper): https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
-
[ Data Breach ] DJI has recently sent customers a certified letter warning that their sensitive information may have been leaked: https://dronedj.com/2017/12/27/djis-certified-letter-to-notify-customers-of-data-breach/
-
[ Exploit ] PS4-4.05-Kernel-Exploit - a complete PS4 4.05 "namedobj" kernel exploit for jailbreaking, with a write-up: https://github.com/Cryptogenic/PS4-4.05-Kernel-Exploit https://github.com/Cryptogenic/Exploit-Writeups/blob/master/PS4/%22NamedObj%22%204.05%20Kernel%20Exploit%20Writeup.md
-
[ Firmware ] Positive Research yesterday published a research paper on the Intel Management Engine, "Inside Intel Management Engine": https://github.com/ptresearch/IntelME-JTAG/blob/master/Inside_Intel_Management_Engine.pdf
-
[ Fuzzing ] An introductory tutorial on fuzzing: https://fuzzing-project.org/tutorial1.html
-
[ Hardware ] Tools for researching the eMMC chip in the Samsung GT-I9300 phone, together with sboot exploit code: https://github.com/oranav/i9300_emmc_toolbox
-
[ iOS ] How to use saved SHSH blobs to upgrade a jailbroken device to iOS 11.1.2: https://github.com/ProAppleOS/Upgrade-from-any-Jailbroken-Device-to-iOS-11.1.2-with-Blobs/blob/master/README.md
-
[ MachineLearning ] We previously pushed the USENIX Security paper on Syntia (automated deobfuscation of obfuscated code that uses Monte Carlo tree search to synthesize the semantics of the original code); the authors recently gave a talk on it at the CCC congress in Germany: https://events.ccc.de/congress/2017/Fahrplan/system/event_attachments/attachments/000/003/362/original/slides.pdf https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-blazytko.pdf https://github.com/RUB-SysSec/syntia
-
[ MachineLearning ] Two papers on detecting malicious URLs and DGA domains with machine learning: "Predicting Domain Generation Algorithms with LSTMs" and "eXpose: A Char-Level CNNs For Detecting Malicious URLs, Paths and Reg Keys": https://arxiv.org/pdf/1611.00791.pdf https://arxiv.org/pdf/1702.08568.pdf
-
[ Mobile ] Exploiting smartphone sensors in single-user and cross-user settings: https://eprint.iacr.org/2017/1169.pdf
-
[ Others ] Reverse (Pseudo) Shell over SSH: https://govolution.wordpress.com/2017/12/27/reverse-pseudo-shell-over-ssh/
-
[ Others ] Dumping a PS4 Kernel in Only 6 Days: https://fail0verflow.com/blog/2017/ps4-crashdump-dump/
-
[ Others ] How to make Python's built-in HTTP server (SimpleHTTPServer in Python 2, http.server in Python 3) listen on 127.0.0.1 instead of all interfaces: python3 -m http.server 8000 --bind 127.0.0.1: https://twitter.com/i/web/status/945763380094210048
-
[ Tools ] PE-sieve - a tool that scans the modules of a process for inline hooks: https://github.com/hasherezade/pe-sieve
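The core check behind an inline-hook scanner, as an added example that is not PE-sieve's own code: compare the executable bytes of a module as loaded in the process against a clean copy of the same bytes (the on-disk image, mapped and relocated), then decode what the patch at each divergence is. The module base, section RVA, function prologues and hook targets below are all constructed for the demo.

```python
"""Diff a module's in-memory code bytes against a clean copy and decode hook trampolines.

Added example (not PE-sieve's own code). The module base, .text RVA, function
prologues and patched bytes are constructed for the demo; a real scan reads the
live bytes from the target process and the clean copy from the on-disk image.
"""
import struct

MODULE_BASE = 0x140000000   # assumed load address of the scanned module
TEXT_RVA = 0x1000           # assumed RVA of the code bytes below
MASK64 = 0xFFFFFFFFFFFFFFFF


def decode_trampoline(code: bytes, va: int):
    """Decode a hook trampoline at the start of `code`, which sits at virtual address `va`.

    Returns (kind, patched_length, target) or None if no known trampoline is present.
    """
    if len(code) >= 5 and code[0] == 0xE9:                       # E9 rel32: JMP rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp_rel32", 5, (va + 5 + rel) & MASK64
    if len(code) >= 2 and code[0] == 0xEB:                       # EB rel8: JMP rel8
        rel = struct.unpack_from("<b", code, 1)[0]
        return "jmp_rel8", 2, (va + 2 + rel) & MASK64
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:   # 68 imm32 C3: PUSH imm32; RET
        return "push_ret", 6, struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 6 and code[0] == 0xFF and code[1] == 0x25:   # FF 25 disp32: JMP [rip+disp32]
        disp = struct.unpack_from("<i", code, 2)[0]
        slot = 6 + disp                                          # pointer slot, relative to `code`
        if 0 <= slot <= len(code) - 8:                           # "jmp [rip+0]; dq target" style
            return "jmp_indirect", slot + 8, struct.unpack_from("<Q", code, slot)[0]
        return "jmp_indirect", 6, (va + 6 + disp) & MASK64       # slot lives elsewhere; report it
    return None


def find_inline_hooks(clean: bytes, live: bytes, base: int = MODULE_BASE, rva: int = TEXT_RVA):
    """Return one record per patched region, with the decoded trampoline where recognised."""
    if len(clean) != len(live):
        raise ValueError("clean and live images must cover the same range")
    hooks, i, n = [], 0, len(clean)
    while i < n:
        if clean[i] == live[i]:
            i += 1
            continue
        start = i
        va = base + rva + start
        decoded = decode_trampoline(live[start:start + 16], va)
        if decoded:
            kind, length, target = decoded
            end = start + length                 # a trampoline may share bytes with the original
        else:
            kind, target, end = "unknown_patch", None, start
            while end < n and clean[end] != live[end]:
                end += 1
        hooks.append({"rva": rva + start, "va": va, "kind": kind, "target": target,
                      "patched": end - start, "original": clean[start:end].hex(),
                      "current": live[start:end].hex()})
        i = end
    return hooks


# Constructed clean .text: function A at offset 0, function B at offset 0x20, INT3 padding.
FUNC_A = bytes.fromhex("48895c2408574883ec20")             # mov [rsp+8],rbx; push rdi; sub rsp,20h
FUNC_B = bytes.fromhex("40534883ec20488bd9") + b"\x90" * 7  # push rbx; sub rsp,20h; mov rbx,rcx; nops
CLEAN_TEXT = FUNC_A + b"\xcc" * 22 + FUNC_B + b"\xcc" * 16

# Constructed live copy: A hooked with a 5-byte JMP rel32, B with "jmp [rip+0]; dq target".
_live = bytearray(CLEAN_TEXT)
_live[0:5] = bytes.fromhex("e9fbef0000")                                    # JMP +0xEFFB -> 0x140010000
_live[32:46] = bytes.fromhex("ff2500000000") + struct.pack("<Q", 0x00007FF8A0001234)
LIVE_TEXT = bytes(_live)

if __name__ == "__main__":
    for h in find_inline_hooks(CLEAN_TEXT, LIVE_TEXT):
        tgt = "-" if h["target"] is None else f"0x{h['target']:X}"
        print(f"rva 0x{h['rva']:X}: {h['kind']:<13} {h['patched']:>2} bytes -> {tgt}  "
              f"({h['original']} => {h['current']})")
```

Two caveats a real scanner has to handle and this demo does not: the clean copy must have the same relocations applied as the loaded image, or every absolute address in the code will show up as a "patch", and the import table and other legitimately writable regions must be excluded from the comparison.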
-
[ Tools ] ixy - a user-space packet processing driver for Linux: https://github.com/emmericp/ixy
-
[ Tools ] nightHawkResponse - an incident response forensics framework: https://github.com/biggiesmallsAG/nightHawkResponse
-
[ Tools ] sqlipy - a Python plugin for Burp Suite that integrates SQLMap through the SQLMap API: https://github.com/codewatchorg/sqlipy
-
[ Tools ] certstreamcatcher - a tool that catches phishing domains by watching Certificate Transparency logs: https://github.com/6IX7ine/certstreamcatcher
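How this class of tool scores what it sees, as an added example that is not certstreamcatcher's own code: every new certificate that appears in a CT log carries the hostnames it covers, and a catcher scores each hostname against phishing indicators (brand names, bait words such as "login" and "verify", a fake "brand.com-" segment, abused TLDs, hyphen and label counts, punycode, and near-miss spellings of a brand). The messages below are constructed, simplified certstream-style records in which only data.leaf_cert.all_domains is used; the weights, brand list, TLD list and allowlist are assumptions.

```python
"""Score hostnames from Certificate Transparency log entries for phishing indicators.

Added example, not certstreamcatcher's own code. The messages are constructed,
simplified certstream-style records (only data.leaf_cert.all_domains is read);
weights, brands, TLDs and the allowlist are assumptions for the demo.
"""
import re

BRANDS = {"paypal": 50, "apple": 40, "microsoft": 40, "amazon": 40, "google": 30, "dropbox": 30}
BAIT_KEYWORDS = {"login": 25, "signin": 25, "verif": 25, "password": 25,
                 "secure": 20, "account": 20, "update": 15, "support": 15, "recover": 15}
ABUSED_TLDS = {"ga", "gq", "ml", "cf", "tk", "top", "xyz", "work", "loan", "stream"}
ALLOWLIST = {"paypal.com", "apple.com", "microsoft.com", "amazon.com", "google.com", "dropbox.com"}
FAKE_TLD = re.compile(r"\.(com|net|org)-")   # "paypal.com-secure-login.example.ga"


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-miss brand spellings such as paypa1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(host: str) -> str:
    host = host.lower().strip()
    return host[2:] if host.startswith("*.") else host   # wildcard certs cover the parent name


def score_domain(host: str):
    """Return (score, reasons) for one hostname; higher means more phishing-like."""
    host = normalise(host)
    labels = host.split(".")
    if ".".join(labels[-2:]) in ALLOWLIST:               # the brand's own registrable domain
        return 0, ["allowlisted"]
    score, reasons = 0, []
    for brand, weight in BRANDS.items():
        if brand in host:
            score += weight
            reasons.append(f"brand:{brand}")
    for kw, weight in BAIT_KEYWORDS.items():
        if kw in host:
            score += weight
            reasons.append(f"keyword:{kw}")
    if FAKE_TLD.search(host):
        score += 20
        reasons.append("fake-tld")
    if labels[-1] in ABUSED_TLDS:
        score += 15
        reasons.append(f"tld:{labels[-1]}")
    if host.count("-") >= 3:
        score += 20
        reasons.append("many-hyphens")
    if len(labels) >= 5:
        score += 10
        reasons.append("deep-subdomain")
    if any(label.startswith("xn--") for label in labels):
        score += 15
        reasons.append("punycode")
    for token in sorted(set(re.split(r"[.-]", host))):
        if len(token) < 5:
            continue
        for brand in BRANDS:
            if brand not in token and 1 <= levenshtein(token, brand) <= 2:
                score += 40
                reasons.append(f"lookalike:{token}~{brand}")
    return score, reasons


def triage(messages, threshold: int = 70):
    """Score every hostname in a batch of CT messages and return the hits, highest first."""
    seen, hits = set(), []
    for msg in messages:
        for raw in msg.get("data", {}).get("leaf_cert", {}).get("all_domains", []):
            host = normalise(raw)
            if host in seen:
                continue
            seen.add(host)
            score, reasons = score_domain(host)
            if score >= threshold:
                hits.append({"domain": host, "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: -h["score"])


# Constructed, simplified certstream-style messages (not real log entries).
SAMPLE_MESSAGES = [
    {"message_type": "certificate_update",
     "data": {"leaf_cert": {"all_domains": ["www.paypal.com-secure-login.account-update.ga"]}}},
    {"message_type": "certificate_update",
     "data": {"leaf_cert": {"all_domains": ["mail.example.org", "*.example.org"]}}},
    {"message_type": "certificate_update",
     "data": {"leaf_cert": {"all_domains": ["paypa1-login.verification-center.xyz"]}}},
    {"message_type": "certificate_update",
     "data": {"leaf_cert": {"all_domains": ["www.paypal.com"]}}},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_MESSAGES):
        print(f"{hit['score']:>4}  {hit['domain']}  {', '.join(hit['reasons'])}")
```

The allowlist matters: without it the brand's own certificates (and every legitimate "paypal.com" renewal in the log) would be the highest-scoring entries. In production the allowlist should be derived from the brand's known registrable domains and the threshold tuned against a day of real log volume.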
-
[ Tools ] nmap-vulners - an NSE script that queries the Vulners.com API for vulnerability information: https://github.com/vulnersCom/nmap-vulners
-
[ Tools ] PassGAN - password guessing with deep learning: https://github.com/brannondorsey/PassGAN
-
[ Tools ] A PowerShell script for invoking Mimikatz on a remote host: https://github.com/xorrior/RandomPS-Scripts/blob/master/Invoke-RemoteMimikatz.ps1
-
[ Web Security ] Third-party scripts on websites exploit browsers' built-in login managers to track users: https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
-
[ Web Security ] JUMPING TO THE HELL WITH 10 ATTEMPTS TO BYPASS DEVIL’S WAF: https://medium.com/@know.0nix/jumping-to-the-hell-with-10-attempts-to-bypass-devils-waf-4275bfe679dd
-
[ APT ] 'PowerShell scripts and Office macros used in the APT activity of APT28, APT32, Russia and India, mainly around whitelist bypass and fileless (nothing written to disk) approaches; some are well worth a look. Domestic thinking and technique lag behind by more than a little. Link: https://pan.baidu.com/share/init?surl=boIgQ6r password: c7dc', from RevengeRangers on Weibo: https://weibo.com/1463212167/FBA6kdcwK?type=comment#_rnd1514432400430
-
[ Industry News ] Yesterday we pushed an article, "Local privilege escalation in the Kingsoft antivirus drivers kavfm.sys/KWatch3.sys when handling IOCTL 0x80030004"; Kingsoft Duba has officially confirmed that the Duba version affected by the vulnerability in that article is quite old, and that Kingsoft Duba 11, the version domestic users currently run, does not have this problem: https://weibo.com/1642668915/FBHXVs1uD?type=comment
-
[ IoTDevice ] Some Sonos and Bose speakers have vulnerabilities that could let attackers play audio pranks: http://www.cnbeta.com/articles/tech/684055.htm Trend Micro's original post and report: http://blog.trendmicro.com/trendlabs-security-intelligence/iot-devices-need-better-builtin-security/ https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf
-
[ MalwareAnalysis ] Mobile C# malware makes a comeback, abusing a well-known app's communications channel for remote control and privacy theft: https://mp.weixin.qq.com/s/IpaOZMStbJexRdDro55mvg
-
[ Vulnerability ] Detailed analysis of the Apache Tika arbitrary code execution vulnerability (CVE-2016-6809): https://mp.weixin.qq.com/s/kd9IlyHm_4m8iK6z9CWdtw