每日安全动态推送(08-25)

Xuanwu Lab Security Daily News jsoo @_jsoo_ [ Android ]  How I Hacked an Android App to Get Free Beer – https://t.co/wyxXG1xwlB ”我是如何黑掉 Android App 赢得免费啤酒的: http://t.cn/Rtuq1XM ” Nicolas Krassas @Dinosn [ Attack ]  Summing up the ShadowBrokers Leak https://t.co/tu4oGHn6Kr ” 对 ShadowBrokers 泄漏的方程式压缩包的总结: http://t.cn/RtgrU5G ” Nicolas Krassas @Dinosn [ Attack ]  Over 25 million accounts stolen after Mail.ru forums hacked https://t.co/EE4aZnhn64 ” Mail.ru 论坛被黑,超过 2500 万账户信息被窃取: http://t.cn/RtgrU5x ” Jóseph Mlodzìanowskì @cedoxX [ Challenges ]  Pwntools is a CTF framework and exploit development library. Written in Python, https://t.co/nrwiosqA1h ”Pwntools – 用于 CTF 比赛的解题辅助工具库: http://t.cn/RtgrU5K ” Threatpost @threatpost [ Crypto ]  New collision attacks against #3DES, #Blowfish allow for cookie decryption – https://t.co/2wVw3U9FjX https://t.co/iMHIsuAD8v ” 针对 3DES、Blowfish 的碰撞攻击,可以被用于 Cookie 解密: http://t.cn/RtgrU5T Paper: https://sweet32.info/SWEET32_CCS16.pdf ” Ange @angealbertini [ Exploit ]  Cross-arch shellcode compiler https://t.co/VmAzcW8fdN by @_ixty_ https://t.co/CVup50lnEb ” xarch_shellcode – 跨平台的 Shellcode 编译器: http://t.cn/RtgrUxp ” PHR34K @unpacker [ IoTDevice ]  Embedded Hardware Hacking 101 – The Belkin WeMo Link https://t.co/HuONeadlTL ” 嵌入式设备逆向之 Hacking Belkin 智能 LED 照明开关组,来自 FireEye Blog: http://t.cn/RtgrUSc ” x0rz @x0rz [ Linux ]  mountain_goat.c PoC of CVE-2016-5696 Off-Path TCP Exploits https://t.co/U5eDHYxXgv #Linux #TCP #MITM ” Linux Off-Path TCP 流量劫持漏洞(CVE-2016-5696)的 PoC 代码,前天推送过一份,今天又有一位研究者公开了一份代码: http://t.cn/Rtrx9dT ” Objective-See @objective_see [ macOS ]  new blog: “Click File, App Opens (reversing os x’s launch services, to understand ‘document handlers’)” https://t.co/rgHDlLdcmv #osxmalware ” Click File, App Opens,Objective-See 对一款 OS X 恶意软件的分析: http://t.cn/RtgrUSO ” Lukas Stefanko @LukasStefanko [ Malware ]  Discovered the first Twitter-controlled #Android #botnet downloading banking malware! https://t.co/o780AaZMXS https://t.co/tvi1hfk2b0 ” 第一个基于 Twitter 的 Android Botnet: http://t.cn/RtgrUS8 http://t.cn/RtgrUSr ” securxcess @securxcess [ Malware ]  Shakti Trojan: Technical Analysis | Malwarebytes Labs https://t.co/F4zonrzsqH ” Malwarebytes 对 Shakti 木马的分析,该木马被认为与企业间谍活动有关: http://t.cn/RtgrUWJ ” securxcess @securxcess [ Malware ]  Fortinet Blog: JBifrost: Yet Another Incarnation of the Adwind RAT https://t.co/8mkHcOoc8z ” JBifrost – Adwind 远控的变种,来自 Fortinet Blog: http://t.cn/RtgrUWW ” Threatpost @threatpost [ NetworkDevice ]  A leaked #ShadowBrokers attack has been upgraded to target current versions of Cisco ASA – https://t.co/p5Y5rbSl7H #EquationGroup ” ShadowBrokers 泄漏的思科 ASA 防火墙 Exploit 可通过升级攻击当前版本: http://t.cn/RtgrUWR ” Renaud Lifchitz @nono2357 [ OpenSourceProject ]  Analysis of multiple vulnerabilities in different open source BTS products: https://t.co/dsZzIyCbhJ #GSM #security ” 多个开源 BTS(基站)项目被发现漏洞,来自 Zimperium Labs︰ http://t.cn/Rtr13qO ” Nicolas Krassas @Dinosn [ Operating System ]  Kaspersky launches its own OS on Russian routers https://t.co/QF0iHZXwZE ”卡巴斯基在俄罗斯的路由器上开始部署其自主研发的操作系统,该操作系统经过 4 年的秘密研发,主要用于保护工控系统: http://t.cn/RtBBvkz ” Brian Carpenter @geeknik [ Operating System ]  ReactOS 0.4.2, An Open-source Windows Clone, Released With Unix Filesystem Support https://t.co/1jzPVfDh2L ” Windows 的克隆开源版本 – ReactOS 发布 0.4.2 版本,增加对 Unix 文件系统的支持: http://t.cn/RtgrUlz ” JP Aumasson @veorq [ Others ]  student project “Malware Inside Intel SGX Enclaves”, haven’t read it yet don’t know how good it is https://t.co/rUPVbyQHjT ” Malware Inside Intel SGX Enclaves,Paper: http://t.cn/RtgrUlt ” ARMEmbedded @ARMEmbedded [ Others ]  ARM Cortex-M, Interrupts, and FreeRTOS (Part 2) https://t.co/xqL82GpeJI (via @DZone) ” ARM Cortex-M, Interrupts, and FreeRTOS (Part 2) : http://t.cn/RtgrUlx ” Soroush Dalili @irsdl [ Others ]  Slides are now in Slideshare too for referencing purposes: https://t.co/KL8KxUGGef ” 在 Flash 文件中找漏洞,来自 NCC Group 研究员的分享︰ http://t.cn/RtgrUlO ” Iván @aszy [ Others ]  On Matching Binary To Source Code https://t.co/IbYQERht1a ” 二进制到源码的匹配分析技术,Paper: http://t.cn/RtgrUlR ” James Kettle @albinowax [ Protocol ]  Awesome to see solid further research into HTTP host header attacks! https://t.co/5Bffr8fsPl Time to investigate burp scanner integration 🙂 ” Host of Troubles – 对 HTTP 协议实现中存在的一类漏洞的总结: http://t.cn/RtdiFCw ” Igor Skochinsky @IgorSkochinsky [ Tools ]  IDA 6.95 iOS debugger tutorial added: https://t.co/6qZ19VDbwK ”IDA Pro 网站的文档库新增 IDA 6.95 iOS 调试器的使用教程︰ http://t.cn/RtgrUls ” Evilcry_ @Blackmond_ [ Tools ]  Relative-Pattern is tool experimenting a formal method to recover CFG for code virtualization obfuscated binaries – https://t.co/pdMOx8Elks ” Relative-Pattern – 从混淆代码中还原 CFG(控制流图)的工具: http://t.cn/RtgrUj2 ” Nicolas Krassas @Dinosn [ Virtualization ]  VMware reveals vulns https://t.co/wyISr6yXxd ”VMware 刚刚修复了一个 ‘重要级别’ 的漏洞: http://t.cn/RtgrUj5 ” Kyle Hanslovan @KyleHanslovan [ Windows ]  Windows Nano Server is a sexy, hardened OS. Blue & Red Teamers: take note of these security mechanisms. https://t.co/UbBhzUi92h #infosec ” 爱上 Windows Server 的 10 个原因系列(八) – 安全性,来自微软: http://t.cn/Rq86J3W ” Matt Graeber @mattifestation [ Windows ]  Wish WMI was on Linux? Microsoft just published the open source implementation, OMI to GitHub: https://t.co/uB12GWsmRp ” 微软开源了 OMI – WMI 在 Linux 的实现: http://t.cn/RtgrUjp ” * 查看历史推送,请用 Google 以 site 关键词限定搜索,如: site:xlab.tencent.com Android Fuzz



欢迎投稿 职场/创业方向. 邮箱wangfzcom(AT)163.com:王夫子社区 » 每日安全动态推送(08-25)

点评 0

评论前必须登录!

登陆 注册