Daily Security News Push (04-13)

2018-04-13 12:45:58 Admin Tencent Xuanwu Lab

Xuanwu Lab Security Daily News


  • [ Android ]  Penetration testing an obfuscated Android app:

     http://tinyhack.com/2018/02/05/pentesting-obfuscated-android-app/


  • [ APT ]  Kaspersky publishes its Q1 APT trends report:

    https://securelist.com/apt-trends-report-q1-2018/85280/


  • [ APT ]  Kaspersky Lab's investigation and analysis of a series of attacks since 2017 mainly targeting the Middle East and North Africa:

    https://securelist.com/operation-parliament-who-is-doing-what/85237/


  • [ Browser ]  A cheat sheet for solving browser performance problems:

     https://medium.com/@ricomariani/browser-performance-banes-and-cheat-sheet-2ba783ac5002


  • [ Browser ]  Research on numeric comparison bugs in the WebKit JIT engine:

    https://www.zerodayinitiative.com/blog/2018/4/12/inverting-your-assumptions-a-guide-to-jit-comparisons


  • [ Browser ]  New WebKit features in Safari 11.1:

    https://webkit.org/blog/8216/new-webkit-features-in-safari-11-1/


  • [ Conference ]  HITB2018AMS Day 1 conference materials released:

    https://conference.hitb.org/files/hitbsecconf2018ams/materials/


  • [ Exploit ]  Writing ARM bind shell shellcode from scratch:

    https://azeria-labs.com/downloads/HITB-v1.0.pdf


  • [ Industry News ]  NCSC UK releases a new cyber attack categorisation system to improve the speed of incident response:

    https://www.ncsc.gov.uk/news/new-cyber-attack-categorisation-system-improve-uk-response-incidents


  • [ Industry News ]  An Israeli white hat builds an audio channel for data exfiltration by modulating fan speed:

    https://www.theregister.co.uk/2016/06/24/israeli_researcher_fans_fears_heres_another_way_to_cross_the_airgap/


  • [ iOS ]  How to analyze and find vulnerabilities in MacOSX and iOS kernel drivers, from HITB2018AMS:

    https://conference.hitb.org/hitbsecconf2018ams/materials/D1T1%20-%20Xiaolong%20Bai%20&%20Min%20Spark%20Zheng%20-%20How%20to%20Analyze%20and%20Find%20Bugs%20in%20MacOS%20and%20iOS%20Kernel%20Drivers.pdf


  • [ IoTDevice ]  IoT sensing: identifying IoT device types via Behavioral Fingerprinting:

    https://arxiv.org/pdf/1804.03852.pdf


  • [ Language ]  An introduction to the Rust language:

     https://stevedonovan.github.io/rust-gentle-intro/readme.html


  • [ Linux ]  The book "Professional Linux Kernel Architecture":

    https://cse.yeditepe.edu.tr/~kserdaroglu/spring2014/cse331/termproject/BOOKS/ProfessionalLinuxKernelArchitecture-WolfgangMauerer.pdf


  • [ MachineLearning ]  Introducing the TensorFlow Probability toolkit:

    https://medium.com/tensorflow/introducing-tensorflow-probability-dca4c304e245


  • [ MalwareAnalysis ]  Sophisticated Mutli-stage Malware (hosted on pussyhunters.ru), analysis of a sophisticated malware with multi-stage execution:

     https://dissectmalware.wordpress.com/2018/04/12/sophisticated-mutli-stage-malware-hosted-on-pussyhunter-ru/


  • [ Others ]  Building your ideal router yourself for 50 USD:

      https://blog.tjll.net/building-my-perfect-router/ 


  • [ Pentest ]  HTTPS Payload and C2 Redirectors:

     https://posts.specterops.io/https-payload-and-c2-redirectors-ff8eb6f87742


  • [ Popular Software ]  Check Point publishes its analysis and exploitation of the highly critical Drupal vulnerability Drupalgeddon 2 (CVE-2018-7600):

     https://research.checkpoint.com/uncovering-drupalgeddon-2/


  • [ Processor ]  Effect of CPU caches, a study of CPU caches:

    https://medium.com/@minimarcel/effect-of-cpu-caches-57db81490a7f


  • [ Programming ]  Writing a Managed JIT in C# with CoreCLR:

    http://xoofx.com/blog/2018/04/12/writing-managed-jit-in-csharp-with-coreclr/


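  • [ Tools ]  PowerMeta - a tool that uses search engines to download all files under a given domain, then analyzes their metadata to extract sensitive information: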

     https://github.com/dafthack/PowerMeta


  • [ Tools ]  Microsoft releases the JavaScript API Browser:

    https://docs.microsoft.com/en-us/javascript/api/


  • [ Tools ]  When Burp Suite meets FRIDA, from HITB2018AMS:

    https://conference.hitb.org/hitbsecconf2018ams/materials/D1T1%20-%20Federico%20Dotta%20and%20Piergiovanni%20Cipolloni%20-%20Brida%20When%20Burp%20Suite%20Meets%20Frida.pdf


  • [ Tools ]  A roundup of reconnaissance tools commonly used in bug bounty:

     https://medium.com/@adrien_jeanneau/whats-tools-i-use-for-my-recon-during-bugbounty-ec25f7f12e6d


  • [ Tools ]  An introduction to using FRIDA, a dynamic binary analysis tool, on Android:

    https://pspace.github.io/2018/04/11/BSidesMuc_workshop_wrapup.html


  • [ Tools ]  WinDbg: using pykd to dump private symbols:

     https://labs.nettitude.com/blog/windbg-using-pykd-to-dump-private-symbols/


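  • [ Vulnerability ]  How I broke into Google Issue Tracker: insufficient authentication of email senders in Google Issue Tracker allowed an attacker to post public issues and comments while impersonating anyone: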

    https://medium.com/@abhishekbundela/how-i-broke-into-google-issue-tracker-667b9e33e931


  • [ Vulnerability ]  Spring Data Commons remote code execution vulnerability disclosed (CVE-2018-1273):

    https://pivotal.io/security/cve-2018-1273

    http://blog.nsfocus.net/cve-2018-1273-analysis/


  • [ Windows ]  Attacking Microsoft's .NET Framework through CLR:

    https://conference.hitb.org/hitbsecconf2018ams/materials/D1T2%20-%20Yu%20Hong%20and%20Shikang%20Xing%20-%20Attacking%20Microsoft%E2%80%99s%20.NET%20Framework%20Through%20CLR.pdf


  • [ Windows ]  PoC released for the remote code execution vulnerability in MS-RDP authentication (CVE-2018-0886). Code:

    https://github.com/preempt/credssp  https://blog.preempt.com/how-we-exploited-the-authentication-in-ms-rdp


  • [ Windows ]  The Life And Death of Kernel Object Abuse, from HITB2018AMS:

    https://conference.hitb.org/files/hitbsecconf2018ams/materials/D1%20COMMSEC%20-%20Saif%20Elsherei%20and%20Ian%20Kronquist%20-%20The%20Life%20&%20Death%20of%20Kernel%20Object%20Abuse.pdf


  • [ MalwareAnalysis ]  .pubg ransomware analysis report:

     http://blogs.360.cn/blog/pubg-%E5%8B%92%E7%B4%A2%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/


* To search past pushes, use Google with the site keyword to restrict the search, e.g.: site:xuanwulab.github.io android fuzz

* View past pushes by day: https://xuanwulab.github.io/cn/secnews/2018/04/13/index.html

* Sina Weibo account: Tencent Xuanwu Lab (http://weibo.com/xuanwulab)