-
-
[分享]国外最新安全推文整理(第1期)
-
发表于: 2016-10-10 17:59
-
A VBA parser and emulation engine to analyze malicious macros
https://github.com/decalage2/ViperMonkey
Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes
https://github.com/joesecurity/pafishmacro
Sandbox detection tool is a tool for assessment of your virtual environments in an easy and reliable way
https://github.com/CheckPointSW/VB2016-sandbox-evasion
Virtualbox, VirtualMachine, Cuckoo, Anubis, ThreatExpert, Sandboxie, QEMU, Analysis Tools Detection Tools
https://github.com/AlicanAkyol/sems
Demos of various injection techniques found in malware
https://github.com/hasherezade/demos
VirusTotal Wanna Be - a free open source version of VirusTotal - (python Flask web app/api )
https://github.com/blacktop/malice
A simple MBR hijack demonstration
https://github.com/DavidBuchanan314/pwn-mbr
Official x64dbg plugin for IDA Pro
https://github.com/x64dbg/x64dbgida
Mirai (DDoS) Source Code Review
https://medium.com/@cjbarker/mirai-ddos-source-code-review-57269c4a68f
Leaked Mirai Source Code for Research/IoC Development Purposes
https://github.com/jgamblin/Mirai-Source-Code
Proofs of concept C programs that exploit Vulnerabilities of Android Kernel
https://github.com/ScottyBauer/Android_Kernel_CVE_POCs
Direct Memory Access (DMA) Attack Software
https://github.com/ufrisk/pcileech
A curated list of resources for learning about vehicle security and car hacking
https://github.com/jaredmichaelsmith/awesome-vehicle-security
A little tool to play with Windows security
https://github.com/gentilkiwi/mimikatz
Membrane is a memory forensics tool to detect code loading behavior by stealthy malware
https://github.com/CrySyS/membrane
Python low-interaction honeyclient
https://github.com/buffer/thug
A PoC of KNOXout (CVE-2016-6584) - bypassing Samsung KNOX protections and root Samsung Galaxy S6 Android Device
https://github.com/ViralSecurityGroup/KNOXout
A high performance and small footprint system-on-chip based on Migen
https://github.com/m-labs/misoc
PoC for breaking hypervisor ASLR using branch target buffer collisions
https://github.com/felixwilhelm/mario_baslr
RottenPotato local privilege escalation from service account to SYSTEM
https://github.com/foxglovesec/RottenPotato
VolatilityBot – An automated memory analyzer for malware samples and memory dumps
https://github.com/mkorman90/VolatilityBot
Released radare2 0.10.6, unix-like reverse engineering framework and commandline tools
https://github.com/radare/radare2
Running Mac OS X El Capitan and macOS Sierra on QEMU/KVM
https://github.com/kholia/OSX-KVM
This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE)
https://github.com/CERTCC-Vulnerability-Analysis/certfuzz
An instruction trace visualisation tool for dynamic program analysis
https://github.com/ncatlin/rgat
So You Want to be a Functional Programmer (Part 6)
https://medium.com/@cscalfani/so-you-want-to-be-a-functional-programmer-part-6-db502830403
Functional programming in C++
https://medium.com/@nirjhor/functional-programming-in-c-8bdbd903ee32
Hopper Disassembler, After a long silence, here are, hopefully, some good news
https://www.hopperapp.com/blog/?p=171
Slides from my presentation at VB2016 - "Challenges and approaches of cracking ransomware"
https://drive.google.com/file/d/0Bzb5kQFOXkiSODBsZENxYmJ5WWs/view
Capture the Flag (CTF): Random Track Solutions
http://researchcenter.paloaltonetworks.com/2016/10/unit42-labyrenth-capture-flag-ctf-random-track-solutions/
Palo Alto researchers discover 'Komplex' OS X trojan, linked with Sofacy/APT28 group
http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
OS X malware samples from "prolific APT gang allegedly behind DNC hack"
http://objective-see.com/downloads/malware/Komplex.zip (pword: infect3d)
The 101 of ELF Binaries on Linux: Understanding and Analysis
https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE...)
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Covert Shotgun: Automatically finding covert channels in SMT
https://cyber.wtf/2016/09/27/covert-shotgun/ (域名不错:D)
Relyze lets you analyze and understand native x86, x64 and ARM software. Relyze 2.0 is now available! ARM support, Call graphs and much more!!
http://blog.relyze.com/2016/09/relyze-20-now-with-arm-support-call.html
Just Too Much Administration – Breaking JEA, PowerShell's New Security Barrier
https://www.scriptjunkie.us/2016/10/just-too-much-administration-breaking-jea-powershells-new-security-barrier/
OSX kernel vulnerabilities (CVE-2016-4655 / CVE-2016-4656) analysis and exploitation
http://jndok.github.io/2016/10/04/pegasus-writeup/
Capcom.sys + Usage example
https://www.unknowncheats.me/forum/general-programming-and-reversing/189625-capcom-sys-usage-example.html
Detecting malicious code in a web server
http://dione.lib.unipi.gr/xmlui/bitstream/handle/unipi/8831/Soleas_Agisilaos.pdf
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using Cuda-enabled GPU Hardware
https://arxiv.org/ftp/arxiv/papers/1606/1606.04662.pdf
Linux kernel v4.8 has been released, so here's my "interesting security things" post about it
https://outflux.net/blog/archives/2016/10/04/security-things-in-linux-v4-8/
|
|
|---|---|
|
|
|
|
|
|
|
|
|
