Today's digest: hackers use black-hat SEO techniques to poison Google search autocomplete, with 1 in 200 Google search suggestions poisoned; fake Android apps used to monitor Iranian protesters; TeleRAT: another Android trojan leveraging the Telegram Bot API to target Iranian users; analysis and attribution of an AV-evading sample that abuses multiple Office OLE features; analysis of the JbossMiner mining worm; IE11 RegExp.lastMatch memory disclosure vulnerability; Windows Remote Assistance XXE vulnerability; 12 x64 Windows kernel infoleaks; Microsoft Windows Desktop Bridge privilege escalation vulnerability; Tenda AC15 router unauthenticated command execution vulnerability; summary of currently known Ethereum security issues; and more.

【Malware】
1、Game of Missuggestions-Semantic Analysis of Search-Autocomplete Manipulations
http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/03/ndss2018_07A-1_Wang_Slides.pdf

2、Report: Fake Android Apps Were Used to Monitor Iranian Protesters
https://www.vpnmentor.com/blog/report-fake-android-apps-used-monitor-iranian-protesters/

3、TeleRAT: Another Android Trojan Leveraging Telegram’s Bot API to Target Iranian Users
https://researchcenter.paloaltonetworks.com/2018/03/unit42-telerat-another-android-trojan-leveraging-telegrams-bot-api-to-target-iranian-users/

4、Analysis and attribution of an AV-evading sample that abuses multiple Office OLE features
https://ti.360.net/blog/articles/analysis-of-office-ole-sample/

5、JbossMiner mining worm analysis
https://mp.weixin.qq.com/s?__biz=MzA4MTQ2MjI5OA==&mid=2664077276&idx=1&sn=38e8e03f7381629c16525e68c560fa71&chksm=84aaa2a9b3dd2bbf458f99873f736cd29b0ce2dd01fb722540fd08ace2f6b748b49c74f9b7cd&mpshare=1&scene=1&srcid=0321pzciQN8zbVQKvcHvMbFb

【Vulnerability Analysis】
6、Google Chrome "UnpackOneRowOfRGBA5551LittleToRGBA8()" Buffer Overflow Vulnerability (CVE-2018-6038)
https://bugs.chromium.org/p/chromium/issues/detail?id=774174

7、IE11: RegExp.lastMatch memory disclosure (CVE-2018-0891)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1461

8、Windows Remote Assistance XXE vulnerability (CVE-2018-0878)
https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/

9、12 further x64-specific Windows kernel infoleaks
https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=fixed%3A2018-mar-13+finder%3Amjurczyk

10、Microsoft Windows Desktop Bridge Privilege Escalation (CVE-2018-0880)
https://packetstormsecurity.com/files/146847

11、Unauthenticated start of telnetd on Tenda AC15 router (CVE-2018-5770)
https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/

12、Hard-coded accounts in the Tenda AC15 router (CVE-2018-5768)
https://www.fidusinfosec.com/tenda-ac15-hard-coded-accounts-cve-2018-5768/

13、Reversing Ethereum Smart Contracts
https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/

14、Research on CVE-2018-4901 (Adobe Acrobat Reader remote code execution vulnerability)
http://www.freebuf.com/vuls/164512.html

【Technical Sharing】
15、Pwn an ARM Router Step by Step
https://xianzhi.aliyun.com/forum/topic/2184

16、Dynamic analysis of iOS apps without Jailbreak
https://medium.com/@ansjdnakjdnajkd/dynamic-analysis-of-ios-apps-wo-jailbreak-1481ab3020d8

17、De-obfuscating Jump Chains with Binary Ninja
https://thisissecurity.stormshield.com/2018/03/20/de-obfuscating-jump-chains-with-binary-ninja/

18、Betraying the BIOS: Where the Guardians of the BIOS are Failing
https://github.com/REhints/Publications/tree/master/Conferences/Betraying%20the%20BIOS

19、macOS Unified log: 2 content and extraction
https://eclecticlight.co/2018/03/20/macos-unified-log-2-content-and-extraction/

20、Building Container Images Securely on Kubernetes
https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/

21、Summary of currently known Ethereum security issues
https://mp.weixin.qq.com/s/YprS20oWsWEk9Q7D8ySajw

22、awesome: Curated list of awesome lists
https://github.com/sindresorhus/awesome

23、TROOPERScon 2018 videos
https://www.youtube.com/channel/UCPY5aUREHmbDO4PtR6AYLfQ

【Tools】
Tool#APT: a collection of launcher techniques for executing payloads via reflective DLL execution (INF script, SCT, HTA, JavaScript) and via tools that launch XML, SCT, INF script, and JScript
https://github.com/homjxi0e/APT

Tool#DotNetToJScript Build Walkthrough
https://gist.github.com/caseysmithrc/24e7d02685ce5ab319269bd61a8f0350

Tool#datastream.io: An open-source framework for real-time anomaly detection using Python, ElasticSearch and Kibana
https://github.com/mentatinnovations/datastream.io
