
Daily Security News Digest (07-12)

source link: http://www.10tiao.com/html/645/201807/2651954863/1.html

Xuanwu Lab Security Daily News


  • [ APT ]  Source code of the tools used by the Carbanak hacking group, which targets financial organizations, has leaked:

    https://malware-research.org/carbanak-source-code-leaked/


  • [ Browser ]  Research on URL decoding in Chrome:

    https://docs.google.com/document/d/18LkRR5ZMDDYvhg4VTU9If5O-U5JLGc51UAHYwiPvumk/edit


  • [ Exploit ]  MSF exploit module for an unauthenticated remote code execution vulnerability in IBM QRadar SIEM:

    https://cxsecurity.com/issue/WLB-2018070118


  • [ Exploit ]  Learning MIPS exploit development: after exploitation, repairing memory with shellcode so that a program that would otherwise crash keeps running normally:

    https://azeria-labs.com/process-continuation-shellcode/


  • [ Industry News ]  Hackers stole $13.5 million from the Israeli exchange Bancor:

    https://securityaffairs.co/wordpress/74345/data-breach/bancor-exchange-hacked.html


  • [ Industry News ]  Some users with 'special' identities exposed their locations and sensitive military information by using the fitness app Polar Flow:

    https://threatpost.com/polar-fitness-app-exposes-location-of-spies-and-military-personnel/133786/


  • [ Linux ]  Analysis of an Ubuntu local privilege escalation exploit (CVE-2017-16995):

    https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html


  • [ macOS ]  Details of an out-of-bounds read vulnerability in the macOS IOGraphics kernel module (CVE-2018-4283):

    https://panicall.github.io/vulnerabilities/2018/07/10/CVE-2018-4283.html


  • [ MalwareAnalysis ]  The official site of the free remote administration tool Ammyy Admin was compromised and its software download link replaced:

    https://www.welivesecurity.com/2018/07/11/ammyy-admin-compromised-malware-world-cup-cover/


  • [ MalwareAnalysis ]  The Office 365 Threat Research team's analysis report on the Hawkeye Keylogger - Reborn v8 malware campaign:

    https://cloudblogs.microsoft.com/microsoftsecure/2018/07/11/hawkeye-keylogger-reborn-v8-an-in-depth-campaign-analysis/


  • [ Pentest ]  Using PTH (pass-the-hash) attacks against NTLM-authenticated web applications:

    https://labs.mwrinfosecurity.com/blog/pth-attacks-against-ntlm-authenticated-web-applications/


  • [ Popular Software ]  Prepare(): an introduction to a new exploitation technique in WordPress:

    https://files.ripstech.com/slides/OWASP_AppSec_EU18_WordPress.pdf


  • [ Popular Software ]  Multiple vulnerabilities disclosed in the image-processing software Computerinsel Photoline (CVE-2018-3921, CVE-2018-3922, CVE-2018-3923):

    https://blog.talosintelligence.com/2018/07/vulnerability-spotlight-computerinsel-photoline.html


  • [ Popular Software ]  WordPress security hardening guide, from Sucuri Security:

    https://sucuri.net/infographics/intro-to-wordpress-security


  • [ ReverseEngineering ]  Reverse engineering methods for WebAssembly applications:

    https://www.pnfsoftware.com/reversing-wasm.pdf


  • [ Tools ]  PassphraseGen - a script for generating custom passphrase lists for password cracking with hashcat:

    https://github.com/dafthack/PassphraseGen


  • [ Tools ]  sniff-paste - an open-source intelligence gathering tool for Pastebin:

    https://github.com/needmorecowbell/sniff-paste


  • [ Tools ]  Windows 10 RS5 has built-in Intel Processor Trace support (ipt.sys); Alex wrote a tool that lets us interact with it and use the feature:

    https://ionescu007.github.io/winipt/


  • [ Tools ]  Introduction to Invoke-PowerThIEf, an IE post-exploitation tool:

    https://github.com/nettitude/Invoke-PowerThIEf/blob/master/Steelcon-2018-com-powerthief-final.pdf


  • [ Browser ]  Mitigating Spectre attacks in Chrome with Site Isolation:

    http://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html


  • [ MalwareAnalysis ]  McAfee's investigation into dark-web marketplaces selling cheap RDP access:

    https://securingtomorrow.mcafee.com/mcafee-labs/organizations-leave-backdoors-open-to-cheap-remote-desktop-protocol-attacks/


  • [ Symbolic Execution ]  Symbolic execution and fuzzing, from ISSISP 18:

    https://cs.anu.edu.au/cybersec/issisp2018/assets/slides/AbhikISSISPMon.pdf


  • [ Fuzzing ]  Introduction to fuzzing and how to evaluate it scientifically, from ISSISP 18:

    https://cs.anu.edu.au/cybersec/issisp2018/assets/slides/hicks-fuzz-testing-eval.pdf


  • [ Symbolic Execution ]  Automated program repair based on symbolic execution, from ISSISP 18:

    https://cs.anu.edu.au/cybersec/issisp2018/assets/slides/AbhikISSISPWed.pdf


* To search past digests, use Google with a site: restriction, e.g.: site:xuanwulab.github.io android fuzz

* Browse past digests by day: https://xuanwulab.github.io/cn/secnews/2018/07/12/index.html

* Sina Weibo account: Tencent Xuanwu Lab (http://weibo.com/xuanwulab)


