Xuanwu Lab Security Daily News
McAfee Labs @McAfee_Labs
[ Android ] We uncovered a campaign of Android/Clicker.G in dozens of malicious apps on #GooglePlay:https://t.co/QuckytVlVM
"The McAfee research team found a new piece of malware on Google Play, Android/Clicker.G, which targets Russian users: http://t.cn/RqRccnp"
Nikolaos Chrysaidos @virqdroid
[ Android ] A Study of Android Malware Detection Techniques and Machine Learning -
"Paper on Android malware detection techniques and machine learning, from the University of Cincinnati: "
Nicolas Krassas @Dinosn
[ Android ] War of the Worlds - Hijacking the Linux Kernel from QSEE
"War of the Worlds: hijacking the Linux kernel from QSEE: "
Copperhead @CopperheadSec
[ Android ] Android N media stack hardening (-fsanitize=integer in trapping mode and split up + better sandboxed mediaserver): https://t.co/LqFFftUgpJ.
"Android N hardens the media stack to make exploitation harder: "
Dimitris Glynos @dfunc
[ Android ] CENSUS advisory & details for CVE-2016-0842 (Android stagefright ih264d_read_mmco_commands OOB write) https://t.co/YupH9uGoXu by @anestisb
"Out-of-bounds write in the Android stagefright libavc H.264 decoder (CVE-2016-0842): "
FireEye @FireEye
[ Android ] Exploiting CVE-2016-2060 on Qualcomm devices https://t.co/ILk70XE1jW #mobile #Android
"The Qualcomm netd daemon on Android fails to validate its arguments, allowing local privilege escalation to the radio user (CVE-2016-2060); from the FireEye blog: "
securxcess @securxcess
[ Attack ] Hacker collects 272m email addresses and passwords, some from Gmail
"A hacker collected 272 million email accounts and passwords, some of them from Gmail: "
HD Moore @hdmoore
[ Attack ] The DBIR’s ‘Forest’ of Exploit Signatures https://t.co/CjImeJruBP via @trailofbits
"The 'forest' of exploit signatures in the DBIR (Data Breach Investigations Report): "
jsoo @_jsoo_
[ Debug ] Debugging Node.js apps using core dumps -
"Debugging Node.js applications from core dumps: "
Binni Shah @binitamshah
[ Exploit ] Introduction to Win32 Shellcode Using Visual Studios Compiler :
"An introduction to writing Win32 shellcode with the Visual Studio compiler: "
Nicolas Krassas @Dinosn
[ Linux ] Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
"Reference-count overflow in the Linux kernel (Ubuntu 16.04) via BPF maps: ; see also Project Zero issue 809: "
Binni Shah @binitamshah
[ Malware ] Petya : the two-in-one trojan : https://t.co/axAixuq1VW
"Petya, a two-in-one trojan: analysis of the Petya trojan from the Kaspersky blog: http://t.cn/RqRcV7I"
PhysicalDrive0 @PhysicalDrive0
[ Malware ] Sophisticated New Packer Identified in CryptXXX Ransomware Sample
"The CryptXXX ransomware protects itself with a new packer; analysis of the packer from the SentinelOne blog: "
Piotr Kijewski @piotrkijewski
[ MalwareAnalysis ] Looking for code similarities between malware binaries - a case study of Regin & Qwerty
"Looking for code similarities between malware binaries to support attribution; paper: http://t.cn/RqRcVL5"
Nicolas Krassas @Dinosn
[ MalwareAnalysis ] PDF/XDP Malware Reversing
"Reversing PDF/XDP malware samples with Cerbero Profiler: "
Zachary Cutlip @zcutlip
[ NetworkDevice ] Here’s a CSRF PoC that levels up LAN-only vulns to WAN-exploitable on Netgear routers.
"Port-mapping CSRF vulnerability in the Netgear R6200 router: "
juraj somorovsky @jurajsomorovsky
[ OpenSourceProject ] My OpenSSL bug (CVE-2016-2107) provides a direct padding oracle, not a timing oracle as many claim. Updated my post:
"The researcher who found the OpenSSL padding oracle bug (CVE-2016-2107) has written an analysis post: "
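The distinction the tweet above draws, a direct padding oracle rather than a timing oracle, is easiest to see with the attack itself. The following is an added example, not code from the linked post or from OpenSSL: a CBC padding-oracle decryption in Python against a toy block cipher (a key-derived XOR mask plus a byte rotation, insecure by design; the attack does not depend on the cipher's strength, only on CBC mode and on the oracle). The key, IV and secret are constructed, and `padding_oracle` plays the server whose reply states directly whether PKCS#7 padding was valid; that is what makes it a direct oracle, as opposed to one the attacker has to infer from response latency.

```python
import hashlib

BLOCK = 16  # block size in bytes


def _toy_mask(key: bytes) -> bytes:
    # Key-derived mask for the toy cipher (constructed for this example, not AES).
    return hashlib.sha256(b"toy-block-cipher|" + key).digest()[:BLOCK]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy keyed permutation: XOR with the mask, rotate left 3 bytes. Insecure by
    design; the attack only needs an invertible block function inside CBC."""
    x = bytes(a ^ b for a, b in zip(block, _toy_mask(key)))
    return x[3:] + x[:3]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    x = block[-3:] + block[:-3]  # undo the rotation
    return bytes(a ^ b for a, b in zip(x, _toy_mask(key)))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("bad length")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], prev)))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += bytes(a ^ b for a, b in zip(toy_block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return out


def padding_oracle(key: bytes, iv: bytes, ct: bytes) -> bool:
    """A *direct* oracle: the server's reply says whether the padding was valid.
    A timing oracle leaks the same bit only through response latency."""
    try:
        pkcs7_unpad(cbc_decrypt(key, iv, ct))
        return True
    except ValueError:
        return False


def attack_block(oracle, prev: bytes, target: bytes) -> bytes:
    """Recover one plaintext block from the oracle alone, right to left: forge
    the preceding block so the tail decrypts to `padval`, then try all 256
    values at `pos` until the oracle accepts, which reveals a byte of D(target)."""
    inter = bytearray(BLOCK)  # D_k(target), learned byte by byte
    for pos in range(BLOCK - 1, -1, -1):
        padval = BLOCK - pos
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            forged[j] = inter[j] ^ padval
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged), target):
                continue
            if pos == BLOCK - 1:
                # 0x01 accepted, but 0x02 0x02 would be accepted too: perturb
                # the byte before it and require the padding to stay valid.
                check = bytearray(forged)
                check[pos - 1] ^= 0xFF
                if not oracle(bytes(check), target):
                    continue
            inter[pos] = guess ^ padval
            break
        else:
            raise RuntimeError("oracle never accepted a value; not a padding oracle?")
    return bytes(a ^ b for a, b in zip(inter, prev))


def recover_plaintext(oracle, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    padded = b"".join(attack_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks)))
    return pkcs7_unpad(padded)


def demo() -> bytes:
    """Constructed key, IV and secret; the attacker sees only iv, ct and the oracle bit."""
    key, iv = b"constructed-demo-key", bytes(range(BLOCK))
    ct = cbc_encrypt(key, iv, pkcs7_pad(b"attack at dawn: CVE-2016-2107"))
    oracle = lambda iv_, ct_: padding_oracle(key, iv_, ct_)  # attacker's only access to the key
    return recover_plaintext(oracle, iv, ct)
```

`demo()` recovers the whole plaintext with at most 256 queries per byte, plus one disambiguation query for the last byte of each block; no key material is ever seen by the attacker, only the yes/no answer. The defence is to make a padding failure indistinguishable from a MAC failure in both the error returned and the time taken, which is why OpenSSL's CBC record processing is written to run in constant time; CVE-2016-2107 is a case where its AES-NI code path returned a distinguishable error for bad padding, giving back exactly this kind of direct oracle.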
dragosr @dragosr
[ Others ] Lede Project, OpenWRT reboot
"The LEDE project (Linux Embedded Development Environment), a community reboot of OpenWRT: "
Intel Software Feed @intelswfeed
[ Others ] Introduction to Intel® SGX Sealing https://t.co/fcBY5v5jKr #TECH #IamIntel #Intel
"An introduction to Intel SGX Sealing: http://t.cn/RqRcVyB"
Nicolas Krassas @Dinosn
[ Others ] WordPress Redirect Hack via https://t.co/6Q2iFMidwV
"WordPress redirect hack (Test0.com/Default7.com): "
E.Law @libNex
[ Others ] Writeup on exploiting a double-free in PHP double-link-list by manipulating the small heap allocator. https://t.co/MaxAODmuBX #CVE-2016-3132
"Exploiting the double-free in the PHP 7.0.4 doubly linked list (CVE-2016-3132): http://t.cn/Rq81xy7"
Nicolas Krassas @Dinosn
[ Others ] Reverse Engineering Sneaker Bots – Stealing Your New Shoes
"Sneaker bots, stealing your new shoes: sneaker bots are a family of tools that automate the process of buying sneakers: "
Nicolas Krassas @Dinosn
[ Others ] High-severity Vulnerability in Squid Proxy Server Allows Cache Poisoning
"High-severity vulnerability in the Squid proxy server allows cache poisoning: http://t.cn/RqRcV4x"
Paul Stone @pdjstone
[ Others ] Read how I accidentally stalked someone with Bluetooth LE
"Bluetooth LE (Bluetooth Low Energy) is increasingly popular, but it has never done enough to protect user privacy: "
Binni Shah @binitamshah
[ Pentest ] Meterpreter Cheat Sheet : https://t.co/gFXJcn7UtT (pdf)
"Two images summarizing the Meterpreter commands: http://t.cn/RqRcV4D"
Deral Heiland @Percent_X
[ Pentest ] A followup on my blog on SNMP best practices - How to leverage SNMP during pen testing https://t.co/ymHHbEBg2u @rapid7
"How to leverage SNMP during a penetration test: http://t.cn/RqRcVb5"
A. Hacker @armitagehacker
[ Popular Software ] Using CA Process Automation to Get Command Execution as SYSTEM https://t.co/vwfUDCG1EW // "Designer for the win". Indeed.
"Getting command execution as SYSTEM through CA Process Automation: "
Rob Winch @rob_winch
[ Tools ] #SpringSecurity 4.1 GA released! Config improve, CSP, HPKP, AngularJS, Path Vars, meta annotation, …https://t.co/YeUBwobtiK #spring #javaee
"Spring Security 4.1 released; Spring Security is a Spring-based security framework that provides access control for enterprise applications: http://t.cn/RqRcVbm"
Internet of Unicorns @dan_crowley
[ Tools ] FeatherDuster is public!
"FeatherDuster, an open-source cryptanalysis tool from NCC Group: "
Binni Shah @binitamshah
[ Tools ] injector : command-line interface dll injector :
"Injector, a command-line DLL injector that injects into a target process: "
Matt Graeber @mattifestation
[ Windows ] Developing PowerShell Cmdlets for Nano Server using the PowerShell Core SDK
"Developing new cmdlets for Nano Server with the PowerShell Core SDK: http://t.cn/RqRcVG9"