Daily Security News Digest (09-07)

2017-09-07 11:26:34 Admin Tencent Xuanwu Lab

Xuanwu Lab Security Daily News


  • [ Browser ]  Safari Technology Preview 39 released:

    https://webkit.org/blog/7913/release-notes-for-safari-technology-preview-39/


  • [ Industry News ]  IDN homograph attack being used to spread the BETABOT backdoor:

    https://threatpost.com/idn-homograph-attack-spreading-betabot-backdoor/127839/


  • [ Malware ]  Some malware samples have started crudely calling taskkill.exe /IM <string> /T /F to enumerate and terminate antivirus processes; the list of killed processes is here:

    https://blog.rootshell.be/2017/09/06/interesting-list-windows-processes-killed-malicious-software/


  • [ Others ]  KleeFL - Seeding fuzzers with symbolic execution, adding symbolic-execution support to fuzzers:

    https://github.com/julieeen/kleefl


  • [ Vulnerability ]  Exploiting an out-of-bounds write in the Jungo DriverWizard WinDriver driver (windrvr1240.sys) used by SCADA applications:

    http://srcincite.io/blog/2017/09/06/sharks-in-the-pool-mixed-object-exploitation-in-the-windows-kernel-pool.html


  • [ Vulnerability ]  Multiple vulnerabilities found in NVIDIA, Qualcomm and Huawei bootloaders:

    https://threatpost.com/multiple-vulnerabilities-found-in-nvidia-qualcomm-huawei-bootloaders/127833/


  • [ Windows ]  ACL-based attacks in Active Directory environments from the defender's perspective - Hunting With Active Directory Replication Metadata:

    https://posts.specterops.io/hunting-with-active-directory-replication-metadata-1dab2f681b19


  • [ Tools ]  Syzygy - a binary rewriting tool for PE files that supports basic-block analysis, code restructuring and similar transformations:

    http://doar-e.github.io/blog/2017/08/05/binary-rewriting-with-syzygy/


  • [ Popular Software ]  Malicious URI resolving in PDF documents, on the dangers of URI resolution in PDF files. Via Weibo user redrain_QAQ:

    http://dl.acm.org/citation.cfm?id=2467304


  • [ Browser ]  Escaping the Linux Tor Sandbox through the X11 window system:

    https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2


  • [ MalwareAnalysis ]  Classifying Android malware families using resource-consumption statistics:

    https://arxiv.org/pdf/1709.00875.pdf


  • [ Tools ]  InfoCON - a site dedicated to collecting materials from major information-security conferences:

    https://infocon.org/cons/


  • [ Tools ]  FrauDroid - an accurate, large-scale automated approach to ad-fraud detection:

    https://arxiv.org/pdf/1709.01213.pdf


  • [ Firmware ]  FIRMWARE EXPLOITATION WITH JEB:

    (Part 1): https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-1/

    (Part 2): https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-2/

    (Part 3): https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-3-reversing-the-smartrgs-sr505n/


  • [ Web Security ]  Abusing .htaccess to exploit web vulnerabilities:

    https://medium.com/@insecurity_92477/utilizing-htaccess-for-exploitation-purposes-part-1-5733dd7fc8eb


  • [ IoTDevice ]  Details of multiple high-severity vulnerabilities in Wireless IP Camera (P2P) WIFICAM devices:

    https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html


  • [ Browser ]  The Tor development team releases Orfox, the Tor browser for Android:

    https://threatpost.com/tor-project-brings-security-slider-feature-to-android-app-orfox/127849/


  • [ Web Security ]  Is CORS (Cross-Origin Resource Sharing) becoming obsolete?

    https://www.bishopfox.com/blog/2017/09/is-cors-becoming-obsolete/


  • [ MalwareAnalysis ]  Analysing a 10-Year-Old SNOWBALL: 

    https://researchcenter.paloaltonetworks.com/2017/09/unit42-analysing-10-year-old-snowball/


  • [ Browser ]  CSP bypass in Microsoft Edge, Google Chrome and Apple Safari (CVE-2017-5033, CVE-2017-2419):

    http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-content.html


* To search past digests, use Google with the site keyword, e.g.: site:xuanwulab.github.io android fuzz

* View past digests by day: https://xuanwulab.github.io/cn/secnews/2017/09/07/index.html

* Sina Weibo account: Tencent Xuanwu Lab (http://weibo.com/xuanwulab)