Highlights: Defeating Device Guard: a look into CVE-2017-0007; Over The Air: exploiting Broadcom's Wi-Fi stack (Part 1); how LD_PRELOAD works in Android apps and anti-RE techniques; analysis of the Red Leaves implant used by APT 10; secure Django coding, from the birth of Pwnhub; from Google Project Zero: Apple WebKit UXSS series; dissecting APT29's fileless WMI and PowerShell backdoor (POSHSPY)
Domestic trending topics (some of the following is taken from http://www.solidot.org/):
The Great Firewall is a trade barrier
Chrysaor malware
iOS update 10.3.1
News:
Google discovers serious Android Chrysaor malware that stayed hidden for over three years
http://thehackernews.com/2017/04/spy-app-for-android.html
Update your iOS to iOS 10.3.1 to avoid arbitrary code execution over Wi-Fi
http://thehackernews.com/2017/04/iphone-ios-update.html
Technical:
CVE-2017-7199: Tenable Nessus Agent 6.10.3 local privilege escalation
https://aspe1337.blogspot.no/2017/04/writeup-of-cve-2017-7199.html
Defeating Device Guard: a look into CVE-2017-0007
https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/
Over The Air: exploiting Broadcom's Wi-Fi stack (Part 1)
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
How LD_PRELOAD works in Android apps and anti-RE techniques
Hacking the IoT Svakom Siime Eye vibrator
https://www.pentestpartners.com/blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/
Bypassing Cylance: using VSAgent.exe, DNSCat2, Netcat & Nishang ICMP C2 channel, Metasploit Meterpreter and PowerShell Empire agent, plus a summary
http://www.blackhillsinfosec.com/?p=5792
http://www.blackhillsinfosec.com/?p=5798
http://www.blackhillsinfosec.com/?p=5804
http://www.blackhillsinfosec.com/?p=5806
http://www.blackhillsinfosec.com/?p=5808
Analysis of the Red Leaves implant used by APT 10
Some tips and bug fixes for CVE-2017-7269
http://www.zcgonvh.com/post/tips_for_cve_2017_7269.html
DakotaCon 2017 video collection
https://www.youtube.com/channel/UCXesy_TH6dJBgOyVlDIJoAA
The danger of a simple session secret
https://martinfowler.com/articles/session-secret.html
Remote code execution in math.js
https://capacitorset.github.io/mathjs/
Xiaomiquan topic (2): command execution bypass
http://www.cnblogs.com/iamstudy/articles/command_exec_tips_1.html
Six representative vulnerabilities disclosed in Synology
http://kb.hitcon.org/post/158891385842/synology-bug-bounty-report
Apache Tomcat 6/7/8/9 information disclosure
https://www.exploit-db.com/exploits/41783/
Secure Django coding, from the birth of Pwnhub
https://zhuanlan.zhihu.com/p/26134332
Disarming EMET 5.52: controlling it with a single write operation
https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/
In-depth analysis of RawPOS malware
https://www.alienvault.com/blogs/security-essentials/a-newer-variant-of-rawpos-in-depth
Windows kernel denial of service #4: nt!NtAccessCheck and family (Windows 8-10)
http://j00ru.vexillium.org/?p=3225
PowerMeta: searching Google and Bing for publicly exposed files of interest for a given domain
https://github.com/dafthack/PowerMeta
Sherlock: PowerShell script for local privilege escalation on Windows
https://github.com/rasta-mouse/Sherlock
UEFI firmware rootkits: myths and reality
ASUS B1M projector remote code execution
https://www.myhackerhouse.com/asus-b1m-projector-remote-root-0day/
Next-generation Tor routing implementation
http://sec.cs.ucl.ac.uk/users/smurdoch/papers/tor14design.pdf
Pluck VM and Sedna VM writeups
http://www.hackingarticles.in/hack-pluck-vm-ctf-challenge/
http://www.hackingarticles.in/hack-sedna-vm-ctf-challenge/
Stealing Windows credentials from a remote PC via a Microsoft Office document
http://www.hackingarticles.in/stealing-windows-credentials-remote-pc-ms-office-document/
Tracking threat actors through .LNK files
https://blog.nviso.be/2017/04/04/tracking-threat-actors-through-lnk-files/
Introducing ROKRAT
http://blog.talosintelligence.com/2017/04/introducing-rokrat.html
From Google Project Zero: Apple WebKit UXSS series
https://www.exploit-db.com/exploits/41801/
https://www.exploit-db.com/exploits/41802/
https://www.exploit-db.com/exploits/41800/
https://www.exploit-db.com/exploits/41799/
Technical analysis of the Pegasus Android malware
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
Dissecting APT29's fileless WMI and PowerShell backdoor (POSHSPY)
https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
RedLeaves: malware based on an open-source RAT
http://blog.jpcert.or.jp/2017/04/redleaves—malware-based-on-open-source-rat.html