[分享]国外最新安全推文整理（第0期）-茶余饭后-看雪-安全社区|安全招聘|kanxue.com

[分享]国外最新安全推文整理（第0期）

发表于: 2016-9-27 15:05 4152

[分享]国外最新安全推文整理（第0期）

BDomne

2016-9-27 15:05

4152

有些可能需要VPN访问，安全性方面自己多留意。小伙伴们就当学英文了，有时间的可以翻译一些，不会的单词多查几遍慢慢会有感觉的。能够聚在这里说明大家身上一定有什么相似的地方，一起努力吧！

RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps
http://softsec.kaist.ac.kr/~sangkilc/papers/cui-icse16.pdf

MSI ntiolib.sys/winio.sys local privilege escalation
http://blog.rewolf.pl/blog/?p=1630

Windows 10 has an undocumented certificate pinning feature
http://hexatomium.github.io/2016/09/24/hidden-w10-pins/

An advanced memory forensics framework
https://github.com/volatilityfoundation/volatility

The winners of Hex-Rays Plugin Contest 2016: 1) Ponce, 2) VMAttack, 3) Keypatch. Congrats!!
https://www.hex-rays.com/contests/2016/index.shtml

Platform Security Assessment Framework
https://github.com/chipsec/chipsec

Our technical analysis of Tofsee, modular spam botnet
https://www.cert.pl/en/news/single/tofsee-en/

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
https://github.com/sh4hin/Androl4b

tool to inspect, dump, modify, search and inject libraries into Android processes
https://github.com/evilsocket/androswat

Hex-Rays Decompiler plugin for better code navigation
https://github.com/REhints/HexRaysCodeXplorer

Arybo: cleaning obfuscation by playing with mixed boolean and arithmetic operations
http://blog.quarkslab.com/arybo-cleaning-obfuscation-by-playing-with-mixed-boolean-and-arithmetic-operations.html

Repository of various public white-box cryptographic implementations and their practical attacks
https://github.com/SideChannelMarvels/Deadpool

New paper: Behavioural Detection and Prevention of Malware on OS X
https://www.virusbulletin.com/virusbulletin/2016/september/behavioural-detection-and-prevention-malware-os-x/

Just published my article "Deep-Dive in WoW64" about WoW64 internals and 64b VEH in 32b process.
http://esec-lab.sogeti.com/posts/2016/09/12/deep-dive-wow64.html

Backdooring a DLL (part 4)
http://www.gironsec.com/blog/2016/09/backdooring-a-dll-part-4/

caveats for authenticode code signing
https://blogs.msdn.microsoft.com/ieinternals/2014/09/04/caveats-for-authenticode-code-signing/

Our technical analysis of Necurs, one of the biggest spam botnets in the world
https://www.cert.pl/en/news/single/necurs-hybrid-spam-botnet/

Practical Firmware Reversing and Exploit Development for AVR-based Embedded Devices
http://rada.re/get/avrworkshops2016.pdf

Exploit Two Xen Hypervisor Vulnerabilities
https://drive.google.com/file/d/0B8fYwUY8ZRTtZHVfRWNGbHFiRzA/view?usp=sharing

Want sample of the 'sophisticated OS X backdoor' discovered by Kaspersky? Here ya go!
https://objective-see.com/downloads/malware/Mokes.zip (pw: infect3d)

First post on our brand new blog: Samsung baseband RE tools release
https://comsecuris.com/blog/posts/shannon

Frida.re based RunPE (and MapViewOfSection) extraction tool
https://github.com/OALabs/frida-extract

Project Zero dropped what is effectively a root/kernel exec bug on most Androids
https://googleprojectzero.blogspot.com/2016/09/return-to-libstagefright-exploiting.html

x64dbg now supports asmjit as a new assembler engine!
https://github.com/asmjit

Database of a complete X86/X64 instruction set
https://github.com/asmjit/asmdb

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers
https://github.com/hugsy/gef

Understanding PLT and GOT in dynamic libraries
https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html

I have talked about ,Advanced Exploitation Techniques: Breaking AV-Emulator on XCon2016
http://www.vxjump.net/files/seccon/BAVE_xcon2016.pdf

We are also publishing our intern's Android lib code matching plugin for JEB
https://www.pnfsoftware.com/blog/jeb-library-code-matching-for-android/

RottenPotato local privilege escalation from service account to SYSTEM
https://github.com/foxglovesec/RottenPotato

Bypassing User Account Control (UAC) using TpmInit.exe
https://github.com/Cn33liz/TpmInitUACAnniversaryBypass

Empire is a pure PowerShell post-exploitation agent
https://github.com/adaptivethreat/Empire

A quick analysis of MS16-107 / CVE-2016–3363
https://medium.com/@steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff

Detecting analysts before installing the malware. CVE-2016-3351 Patch bypass and analysis
https://www.brokenbrowser.com/detecting-apps-mimetype-malware/

Bypass-UAC, PowerShell framework for UAC attacks (no injecting dll's into explorer!)
https://github.com/FuzzySecurity/PowerShell-Suite/tree/master/Bypass-UAC

Use CVE-2016-3308 corrupt win32k desktop heap
https://github.com/55-AA/CVE-2016-3308

Analysing and repurposing Spartan's CVE-2015-7645
http://contextis.com/resources/blog/analysing-and-repurposing-spartans-cve-2015-7645/

CVE-2016-0137 / MS-2016-0137
http://blog.ensilo.com/findadetour-the-tool-that-tests-for-vulnerable-microsofts-detours

CVE-2016-3351 was exploited by AdGholas and GooNky Malvertising Groups
https://www.proofpoint.com/us/threat-insight/post/Microsoft-Patches-Zero-Day-Exploited-By-AdGholas-GooNky-Malvertising

LAVA: Large-scale Automated Vulnerability Addition
http://www.ieee-security.org/TC/SP2016/papers/0824a110.pdf

Anti-analysis techniques to weaken author classification accuracy in compiled executables
https://kth.diva-portal.org/smash/get/diva2:927549/FULLTEXT01.pdf

Do #ifdefs Influence the Occurrence of Vulnerabilities? An Empirical Study of the Linux Kernel
http://arxiv.org/pdf/1605.07032.pdf

Android Security Analysis: Final Report
https://www.mitre.org/sites/default/files/publications/pr-16-0202-android-security-analysis-final-report.pdf

Security Analysis and Exploitation of Arduino devices in the Internet of Things
http://www.seg.inf.uc3m.es/~guillermo-suarez-tangil/papers/2016mal-iot.pdf

“Your favorite Memory Toolkit is back !”
https://blog.comae.io/your-favorite-memory-toolkit-is-back-f97072d33d5c

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

收藏・20

免费・0

支持

最新回复 (7)
FadeTrack 雪币： 70 活跃值： (72) 能力值： ( LV4，RANK：50 ) 在线值：发帖 1 回帖 84 粉丝 1 关注私信	FadeTrack 1 2 楼 Mark 慢慢看 2016-9-27 15:32 0
空空飞飞雪币： 2829 活跃值： (990) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 110 粉丝 4 关注私信	空空飞飞 3 楼看起来很高大上，但是看着头大 2016-9-27 15:50 0
BlackTrace 雪币： 1305 活跃值： (228) 能力值： ( LV5，RANK：75 ) 在线值：发帖 4 回帖 160 粉丝 0 关注私信	BlackTrace 5 楼 mark 2016-9-27 18:55 0
我是谁！雪币： 115 活跃值： (23) 能力值： (RANK：20 ) 在线值：发帖 45 回帖 420 粉丝 1 关注私信	我是谁！ 6 楼 mark 2016-9-27 19:12 0
zjjhszs 雪币： 6 活跃值： (1509) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 308 粉丝 0 关注私信	zjjhszs 7 楼唉，老外的环境就是不一样，这些内容如果到中国就成了大牛的**神器了，连出书源码都不齐全，还在论坛打广告，唉，回头一看看雪出了N年的书源码还在纠错，在这说声惭愧，看雪的正版书还真没买过。。。。。 2016-9-27 20:04 0
QuebecJY 雪币： 281 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 86 粉丝 0 关注私信	QuebecJY 8 楼虽然看不懂，但还是mark一下，以后也许就看得懂了 2016-10-28 23:42 0
luskyc 雪币： 248 活跃值： (3789) 能力值： ( LV2，RANK：10 ) 在线值：发帖 25 回帖 938 粉丝 11 关注私信	luskyc 9 楼路过留个mark 2016-10-28 23:44 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

BDomne

发帖

157

回帖

270

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (7)
FadeTrack 雪币： 70 活跃值： (72) 能力值： ( LV4，RANK：50 ) 在线值：发帖 1 回帖 84 粉丝 1 关注私信	FadeTrack 1 2 楼 Mark 慢慢看 2016-9-27 15:32 0
空空飞飞雪币： 2829 活跃值： (990) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 110 粉丝 4 关注私信	空空飞飞 3 楼看起来很高大上，但是看着头大 2016-9-27 15:50 0
BlackTrace 雪币： 1305 活跃值： (228) 能力值： ( LV5，RANK：75 ) 在线值：发帖 4 回帖 160 粉丝 0 关注私信	BlackTrace 5 楼 mark 2016-9-27 18:55 0
我是谁！雪币： 115 活跃值： (23) 能力值： (RANK：20 ) 在线值：发帖 45 回帖 420 粉丝 1 关注私信	我是谁！ 6 楼 mark 2016-9-27 19:12 0
zjjhszs 雪币： 6 活跃值： (1509) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 308 粉丝 0 关注私信	zjjhszs 7 楼唉，老外的环境就是不一样，这些内容如果到中国就成了大牛的**神器了，连出书源码都不齐全，还在论坛打广告，唉，回头一看看雪出了N年的书源码还在纠错，在这说声惭愧，看雪的正版书还真没买过。。。。。 2016-9-27 20:04 0
QuebecJY 雪币： 281 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 86 粉丝 0 关注私信	QuebecJY 8 楼虽然看不懂，但还是mark一下，以后也许就看得懂了 2016-10-28 23:42 0
luskyc 雪币： 248 活跃值： (3789) 能力值： ( LV2，RANK：10 ) 在线值：发帖 25 回帖 938 粉丝 11 关注私信	luskyc 9 楼路过留个mark 2016-10-28 23:44 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复