
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Inside Android's SafetyNet Attestation - an in-depth analysis of the Android SafetyNet Attestation protection mechanism; the author also presented this topic at the recent Black Hat Europe conference: https://www.mulliner.org/collin/publications/34c3_Androids_SafetyNet_Attestation_Attack_and_Defense.pdf
-
[ Detect ] Hunting attacker activities: methods for discovering and detecting lateral movement: https://www.botconf.eu/wp-content/uploads/2017/12/2017_tomonaga-muda-Hunting-Attacker-Activities.pdf
-
[ Linux ] Escaping a Docker container by exploiting the arbitrary address write vulnerability in the Linux kernel's waitid() system call (CVE-2017-5123): https://www.twistlock.com/2017/12/27/escaping-docker-container-using-waitid-cve-2017-5123/
-
[ MalwareAnalysis ] A review of banking trojan botnets on Android: https://www.botconf.eu/wp-content/uploads/2017/12/2017-Drimel-The_new_era_of_Android_Banking_Botnets.pdf
-
[ Others ] Uncovering British spies' web of sockpuppet social media personas: https://media.ccc.de/v/34c3-9233-uncovering_british_spies_web_of_sockpuppet_social_media_personas
-
[ Sandbox ] An anti-sandbox/anti-debug trick based on checking the system's locale: http://www.hexacorn.com/blog/2017/12/30/using-localization-as-a-lame-anti-sandbox-anti-debug-trick/
-
[ Tools ] Hunting attacker activity with the ELK log analysis platform: http://findingbad.blogspot.com/2017/12/hunting-with-elk.html
-
[ Tools ] dump_avb_signature - dumps the signature hash of Android Verified Boot: https://github.com/bkerler/dump_avb_signature
-
[ Tools ] The Malware Information Sharing Platform (MISP) ships with a number of built-in warning lists intended to reduce false positives in threat intelligence; these include the Alexa Top 1000 sites, public DNS resolvers, Microsoft and Google domains, and more: https://github.com/MISP/misp-warninglists
-
[ Tools ] Introduction to the KNIGHTCRAWLER project: rapid discovery of watering hole attacks: https://www.botconf.eu/wp-content/uploads/2017/12/2017-FelixAime_Kinghtcrawler.pdf
-
[ Tools ] Introduction to Malpedia, a collaborative malware analysis platform: https://www.exterminate-it.com/malpedia/ Slides: https://www.botconf.eu/wp-content/uploads/2017/12/2017-DanielPlohmann-Malpedia.pdf
-
[ Tools ] avatar² - an open-source binary firmware analysis framework: https://media.ccc.de/v/34c3-9195-avatar
-
[ Vulnerability ] Exploit script for CVE-2017-11882 that does not require WebDAV: https://github.com/rxwx/CVE-2017-11882/blob/master/packager_exec_CVE-2017-11882.py
-
[ Vulnerability ] Video on 1-day exploit development for Cisco IOS, from the CCC conference: https://media.ccc.de/v/34c3-8936-1-day_exploit_development_for_cisco_ios
-
[ WirelessSecurity ] Decoding contactless card payments: exploring NFC transactions and how Apple Pay and Android Pay work: https://media.ccc.de/v/34c3-8965-decoding_contactless_card_payments