Daily Security News Push (09-18)

Tencent Xuanwu Lab, Admin, 2017-09-18 21:27:21

Xuanwu Lab Security Daily News


  • [ Android ]  Reverse Engineering an Android Application (e-book download):

    https://leakedforums.com/threads/ebook-reverse-engineering-an-android-application-apk-hacking.349/


  • [ Browser ]  Understanding V8's bytecode:

    https://medium.com/dailyjs/understanding-v8s-bytecode-317d46c94775


  • [ Browser ]  Type profiling in the V8 engine, which can collect type information at runtime:

    https://medium.com/fhinkel/runtime-type-information-for-javascript-b134faac3c0a


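  • [ Data Breach ]  Following the Equifax breach of 143 million US users' information, Equifax's UK company confirmed that the personal information of 400,000 UK users was also affected: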

    http://securityaffairs.co/wordpress/63109/data-breach/equifax-data-breach-britons.html


  • [ Forensics ]  Anti-forensics techniques - hiding processes in kernel mode:

    https://www.cert-devoteam.fr/publications/en/antiforensics-techniques-process-hiding-in-kernel-mode/


  • [ Industry News ]  The WordPress plugin Display Widgets contains a backdoor and inserts spam ads into websites:

    https://threatpost.com/200k-wordpress-sites-exposed-to-rogue-version-of-display-widgets/127994/


  • [ Linux ]  SELinux in Android Oreo or: How I Learned to Stop Worrying and Love Attributes: 

    http://events.linuxfoundation.org/sites/events/files/slides/LSS%20-%20Treble%20%27n%27%20SELinux.pdf


  • [ Malware ]  Ten malicious libraries found on PyPI (the Python Package Index):

    https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/?utm_campaign=crowdfire&utm_content=crowdfire&utm_medium=social&utm_source=twitter#238993254-tw#1505552853415


  • [ MalwareAnalysis ]  Fortinet researchers' deep analysis of a new Poison Ivy/PlugX variant - Part 2:

    https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii


  • [ SecurityProduct ]  ZDI disclosed 3 vulnerabilities in Trend Micro's Mobile Security for Enterprise product: SQL injection, file upload, and authentication bypass (CVE-2017-14080/CVE-2017-14079/CVE-2017-14078):

    http://www.zerodayinitiative.com/advisories/ZDI-17-767/  

    http://www.zerodayinitiative.com/advisories/ZDI-17-807/  

    http://www.zerodayinitiative.com/advisories/ZDI-17-810/


  • [ Tools ]  Introduction to RyuJIT, the JIT compiler of the .NET Core runtime:

    https://github.com/dotnet/coreclr/blob/master/Documentation/botr/ryujit-tutorial.md


  • [ Tools ]  Improved decoder for Burp Suite: 

    https://github.com/nccgroup/Decoder-Improved


  • [ Tools ]  macphish - a tool for generating Office for Mac macro payloads:

    https://github.com/cldrn/macphish


  • [ Virtualization ]  VMware fixed 3 vulnerabilities: 1. an out-of-bounds write in the SVGA device (CVE-2017-4924), which allows a guest-to-host escape; 2. a Guest RPC NULL pointer dereference (CVE-2017-4925); 3. a stored XSS in the H5 client (CVE-2017-4926):

    https://www.vmware.com/security/advisories/VMSA-2017-0015.html


  • [ Web Security ]  Metasploitable 3: HTTP PUT tutorial:

    http://www.hackingtutorials.org/exploit-tutorials/metasploitable-3-exploiting-http-put/


  • [ Windows ]  UAC bypass using high-privilege .NET applications:

    https://offsec.provadys.com/UAC-bypass-dotnet.html


  • [ Windows ]  Windows kernel pool spraying fun

    Part 3: https://theevilbit.blogspot.in/2017/09/windows-kernel-pool-spraying-fun-part-3.html

    Part 2: https://theevilbit.blogspot.in/2017/09/windows-kernel-pool-spraying-fun-part-2.html

    Part 1: https://theevilbit.blogspot.in/2017/09/pool-spraying-fun-part-1.html


  • [ Windows ]  CVE-2017-8759 - Microsoft .NET Framework RCE exploit toolkit + video tutorial:

    http://seclists.org/fulldisclosure/2017/Sep/33?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclists%2FFullDisclosure+%28Full+Disclosure%29


  • [ Others ]  An emergency response to an attack on a server:

    http://www.4hou.com/technology/7653.html


  • [ Vulnerability ]  Xdebug: A Tiny Attack Surface:

    https://ricterz.me/posts/Xdebug%3A%20A%20Tiny%20Attack%20Surface


  • [ Conference ]  Most of the talk videos from the USENIX 2017 conference have now been made public:

    https://www.usenix.org/conference/usenixsecurity17/technical-sessions


  • [ Fuzzing ]  Using WinAFL to fuzz the MSXML library:

    https://symeonp.github.io/2017/09/17/fuzzing-winafl.html


  • [ IoTDevice ]  An Introduction to Printer Exploitation 1 : 

    https://0x00sec.org/t/an-introduction-to-printer-exploitation-1/3565


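  • [ Virtualization ]  Besides drag and drop (Drag’n’Drop), what other attack surfaces does VMware have? Comsecuris began hunting for VMware vulnerabilities last year in preparation for Pwn2Own, but unfortunately did not make it in time. This blog post covers their analysis of VMware's attack surface and the vulnerabilities they found: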

    https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/


* To search past pushes, use Google with the site keyword to restrict the search, e.g.: site:xuanwulab.github.io android fuzz

* View past pushes by day: https://xuanwulab.github.io/cn/secnews/2017/09/18/index.html

* Sina Weibo account: 騰訊實驗室 (http://weibo.com/xuanwulab)

