[Knowledge] April 5: Daily Security Knowledge Highlights


Highlights:

Defeating Device Guard: a look into CVE-2017-0007

Over The Air: exploiting Broadcom's Wi-Fi stack (part 1)

How LD_PRELOAD works for Android applications and its anti-RE technique

The Red Leaves implant used by APT 10

Django secure coding, from the birth of Pwnhub

From Google Project Zero: the Apple WebKit UXSS series

Dissecting APT29's fileless WMI and PowerShell backdoor (POSHSPY)

Domestic hot topics (some of the following are taken from http://www.solidot.org/):

The Great Firewall is a trade barrier

Chrysaor malware

iOS update 10.3.1

News:

Google discovers Chrysaor, a serious Android malware that stayed hidden for more than three years

http://thehackernews.com/2017/04/spy-app-for-android.html

Update your iOS to iOS 10.3.1 to avoid arbitrary code execution over Wi-Fi

http://thehackernews.com/2017/04/iphone-ios-update.html

Technical:

CVE-2017-7199: Tenable Nessus Agent 6.10.3 local privilege escalation

https://aspe1337.blogspot.no/2017/04/writeup-of-cve-2017-7199.html

Defeating Device Guard: a look into CVE-2017-0007

https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/

Over The Air: exploiting Broadcom's Wi-Fi stack (part 1)

https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

How LD_PRELOAD works for Android applications and its anti-RE technique

https://serializethoughts.com/2017/04/01/working-of-ld_preload-for-android-applications-and-its-anti-re-technique/

Hacking the Svakom Siime Eye IoT vibrator

https://www.pentestpartners.com/blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/

Bypassing Cylance: using VSAgent.exe, DNSCat2, Netcat & Nishang ICMP C2 channel, Metasploit Meterpreter and PowerShell Empire agent, plus a summary

http://www.blackhillsinfosec.com/?p=5792

http://www.blackhillsinfosec.com/?p=5798

http://www.blackhillsinfosec.com/?p=5804

http://www.blackhillsinfosec.com/?p=5806

http://www.blackhillsinfosec.com/?p=5808

Analysis of the Red Leaves implant used by APT 10

https://raw.githubusercontent.com/nccgroup/Cyber-Defence/master/Technical%20Notes/Red%20Leaves/Red%20Leaves%20technical%20note%20v1.0.pdf

Several tips for CVE-2017-7269 and bug fixes

http://www.zcgonvh.com/post/tips_for_cve_2017_7269.html

DakotaCon 2017 video collection

https://www.youtube.com/channel/UCXesy_TH6dJBgOyVlDIJoAA

The danger of a simple session secret

https://martinfowler.com/articles/session-secret.html

Remote code execution in math.js

https://capacitorset.github.io/mathjs/

Xiaomiquan topic (2): command execution bypass

http://www.cnblogs.com/iamstudy/articles/command_exec_tips_1.html

Six representative vulnerabilities disclosed by Synology

http://kb.hitcon.org/post/158891385842/synology-bug-bounty-report

Apache Tomcat 6/7/8/9 information disclosure

https://www.exploit-db.com/exploits/41783/

Django secure coding, from the birth of Pwnhub

https://zhuanlan.zhihu.com/p/26134332

Disarming EMET 5.52: taking control of it with a single write operation

https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/

In-depth analysis of RawPOS malware

https://www.alienvault.com/blogs/security-essentials/a-newer-variant-of-rawpos-in-depth

Windows kernel denial of service #4: nt!NtAccessCheck and family (Windows 8-10)

http://j00ru.vexillium.org/?p=3225

PowerMeta: searching Google and Bing for publicly available files of interest belonging to a specific domain

https://github.com/dafthack/PowerMeta

Sherlock: a PowerShell script for local privilege escalation on Windows

https://github.com/rasta-mouse/Sherlock

UEFI firmware rootkits: myths and reality

https://www.blackhat.com/docs/asia-17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-And-Reality.pdf

ASUS B1M projector remote code execution

https://www.myhackerhouse.com/asus-b1m-projector-remote-root-0day/

Next-generation Tor routing implementation

http://sec.cs.ucl.ac.uk/users/smurdoch/papers/tor14design.pdf

Pluck VM and Sedna VM writeups

http://www.hackingarticles.in/hack-pluck-vm-ctf-challenge/

http://www.hackingarticles.in/hack-sedna-vm-ctf-challenge/

Stealing Windows credentials from a remote PC via a Microsoft Office document

http://www.hackingarticles.in/stealing-windows-credentials-remote-pc-ms-office-document/

Tracking threat actors through .LNK files

https://blog.nviso.be/2017/04/04/tracking-threat-actors-through-lnk-files/

Introducing ROKRAT

http://blog.talosintelligence.com/2017/04/introducing-rokrat.html

From Google Project Zero: the Apple WebKit UXSS series

https://www.exploit-db.com/exploits/41801/

https://www.exploit-db.com/exploits/41802/

https://www.exploit-db.com/exploits/41800/

https://www.exploit-db.com/exploits/41799/

Technical analysis of the Pegasus Android malware

https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf

Dissecting APT29's fileless WMI and PowerShell backdoor (POSHSPY)

https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html

RedLeaves: malware based on an open-source RAT

http://blog.jpcert.or.jp/2017/04/redleaves—malware-based-on-open-source-rat.html

(End)