[分享]国外最新安全推文整理（第17期）-外文翻译-看雪-安全社区|安全招聘|kanxue.com

[分享]国外最新安全推文整理（第17期）

发表于: 2017-12-3 18:56 4465

[分享]国外最新安全推文整理（第17期）

BDomne

活跃值

5

2017-12-3 18:56

4465

有些可能需要VPN访问，安全性方面自己多留意。

A Javascript library for browser exploitation

7c9K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6@1K9r3g2G2M7X3W2Q4x3X3c8A6L8#2)9J5c8Y4m8%4L8X3A6K6

Objection - runtime mobile exploration

e69K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6K6k6h3&6K6k6i4m8G2M7%4c8Q4x3V1k6G2j5X3A6W2j5%4c8A6L8$3^5`.

x86 and x64 assembly "read-eval-print-loop" shell

c82K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6*7k6i4u0G2M7%4g2E0x3s2R3H3i4K6u0r3g2$3W2F1f1V1g2b7e0l9`.`.

List of awesome malware analysis tools and resources

31eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6%4N6s2y4^5c8r3g2$3i4K6u0r3e0h3q4D9N6$3q4J5k6g2)9J5k6p5q4F1j5h3I4&6M7$3W2K6

Intel HAXM (Qemu accelerator for Windows and MacOS)

dc4K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6A6L8Y4c8W2L8q4)9J5c8X3S2S2P5r3@1`.

S2E Documentation and Quick Start Guides

a4aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6e0x3V1g2Q4x3V1k6V1L8$3y4K6

An open source deep-learning toolkit

8dbK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6y4K9h3y4J5L8%4y4G2k6Y4c8Q4x3V1k6o6e0W2c8w2

NIPS 2017 Accepted Papers

7a3K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6F1K9i4m8K6i4K6u0W2j5$3y4Q4x3V1k6o6L8$3&6X3k6i4u0W2L8X3y4W2M7#2)9J5c8U0t1H3x3e0N6Q4x3V1k6m8j5$3y4W2M7s2c8W2k6q4m8S2M7r3g2J5M7@1W2F1K9i4c8A6j5h3H3`.

BlackHat Europe 2017 briefings

b42K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2T1L8r3q4U0K9$3S2S2N6q4)9J5k6h3y4G2L8g2)9J5c8X3g2#2i4K6u0V1x3e0N6Q4x3V1k6T1M7X3W2W2k6X3W2F1k6%4y4Q4x3X3g2Z5N6r3#2D9

Ruxcon 2017 slides

f9dK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6J5N6i4S2U0L8$3&6Q4x3X3g2G2M7X3N6Q4x3X3g2S2N6g2)9J5c8Y4y4D9K9h3c8W2M7#2)9J5c8R3`.`.

From Out of Memory to Remote Code Execution, slides

2fdK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6M7r3g2S2K9$3g2J5k6r3g2U0K9#2)9J5k6h3y4G2L8g2)9J5c8Y4W2#2K9$3W2U0K9r3g2F1i4K6u0r3k6Y4u0G2L8g2)9J5k6r3!0#2N6q4)9J5k6r3!0X3i4K6u0V1L8h3g2E0L8%4u0&6i4K6u0V1N6r3!0Q4x3X3c8J5k6h3#2G2N6r3g2Q4x3X3c8U0L8$3c8W2i4K6u0V1k6i4S2W2j5%4g2@1K9h3!0F1

Exploiting Firefox through the Javascript engine, slides

bb1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4M7X3g2Z5j5h3y4C8i4K6u0W2k6Y4u0Q4x3V1k6V1j5i4c8S2i4K6u0r3x3U0l9I4y4#2)9J5c8Y4y4D9K9h3c8W2M7#2)9J5c8V1N6J5k6f1S2S2j5$3D9I4y4#2)9#2k6V1N6W2N6q4)9#2k6Y4c8Z5k6g2)9#2k6W2y4H3K9h3c8W2M7X3#2G2L8X3E0W2P5g2)9#2k6X3!0X3k6W2)9#2k6Y4W2G2N6i4u0Q4y4h3k6T1j5h3y4C8i4K6u0W2M7r3c8X3

A view into ALPC-RPC (CVE-2017-11783), slides

808K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5j5h3E0J5K9h3I4Q4x3X3g2F1k6i4c8Q4x3V1k6K6L8r3W2V1k6i4y4Q4x3V1k6m8i4K6g2X3N6X3W2W2N6#2)9#2k6X3W2F1N6r3!0Q4y4h3k6m8e0q4m8o6i4K6g2X3f1W2m8o6i4K6g2X3M7r3q4U0M7$3g2U0i4K6g2X3x3U0l9I4y4#2)9J5k6i4m8V1k6R3`.`.

Corrupting Memory In Microsoft Office Protected-View Sandbox, slides

0a1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6D9j5h3u0K6i4K6u0W2L8i4N6J5K9h3&6X3L8%4y4W2j5%4g2J5K9i4c8&6i4K6u0W2j5$3!0E0i4K6u0r3j5i4y4K6k6i4c8K6i4K6u0r3b7X3I4G2k6@1k6A6L8r3g2K6i4K6u0r3L8i4N6J5K9g2)9J5k6r3y4G2M7Y4u0#2M7s2c8A6L8X3N6Q4x3X3c8E0k6h3#2G2M7Y4W2Q4x3X3c8A6L8W2)9J5k6r3#2K6i4K6u0V1L8$3k6X3K9h3y4W2i4K6u0V1M7s2u0G2N6r3g2U0N6r3g2V1i4K6u0V1N6X3W2W2N6#2)9J5k6s2j5J5i4K6u0W2M7r3c8X3

The Art of Fuzzing, slides

ab7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6k6h3y4Q4x3X3c8U0L8$3&6K6N6h3I4@1i4K6u0W2j5$3!0E0i4K6u0r3N6%4m8Q4x3X3c8U0L8$3&6@1k6h3&6@1i4K6u0r3N6i4m8D9L8$3q4V1M7#2)9J5c8X3k6A6L8r3g2K6i4K6u0r3N6Y4g2D9L8X3I4S2j5W2)9J5c8Y4c8Z5k6g2)9#2k6X3q4J5N6q4)9#2k6X3!0X3i4K6g2X3k6Y4g2*7P5X3W2F1k6#2)9#2k6Y4y4D9K9h3c8W2M7#2)9J5k6i4m8V1k6R3`.`.

Windows Kernel pool address leak via undocumented GetFontData feature in ATMFD

87eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1N6h3N6K6i4K6u0W2j5$3S2J5L8$3#2A6N6h3#2Q4x3X3g2G2M7X3N6Q4x3V1k6H3i4K6u0r3M7s2u0G2K9X3g2U0N6q4)9J5k6s2A6W2M7X3!0Q4x3V1k6A6M7%4y4#2k6i4y4Q4x3V1k6V1k6i4c8S2K9h3I4Q4x3@1k6A6k6q4)9K6c8o6p5K6z5e0R3`.

Kernel Exploit Demo - Windows 10 privesc via WARBIRD

490K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2P5s2m8F1M7$3g2U0i4K6u0W2j5$3!0E0i4K6u0r3N6$3W2F1k6r3!0%4M7#2)9J5k6s2N6S2M7X3u0A6M7X3c8Q4x3X3c8H3M7X3W2$3k6i4y4U0i4K6u0r3

Skeleton in the closet. MS Office vulnerability you didn't know about (CVE-2017-11882)

d62K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6W2L8h3u0W2k6r3W2Q4x3X3g2U0L8$3#2Q4x3V1k6T1L8r3!0Y4i4K6u0r3M7$3E0W2L8r3g2@1L8$3&6Q4x3X3c8U0L8r3!0K6k6i4c8Q4x3X3c8E0M7#2)9J5k6r3!0X3k6X3W2U0k6g2)9J5k6s2k6#2L8r3&6W2M7X3q4T1K9h3I4A6N6s2W2Q4x3X3c8&6L8%4g2Q4x3X3c8V1K9h3c8F1N6q4)9J5k6r3E0F1L8%4N6Q4x3X3c8S2j5X3!0#2N6q4)9J5c8R3`.`.

CVE-2017-11826 Exploited in the Wild with Politically Themed RTF Document

b8aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2k6X3!0J5N6r3W2F1k6i4c8Q4x3X3g2U0L8$3#2Q4x3V1j5J5x3o6p5%4i4K6u0r3x3e0q4Q4x3V1j5J5x3W2)9J5c8X3y4$3k6g2)9J5k6o6t1H3x3e0N6Q4x3X3b7I4x3e0R3J5y4W2)9J5k6r3g2^5M7r3I4G2K9i4c8W2k6q4)9J5k6r3W2F1i4K6u0V1N6r3S2W2i4K6u0V1N6$3W2D9k6q4)9J5k6s2N6A6N6r3S2Q4x3X3c8H3L8$3I4A6N6r3W2U0j5h3I4D9P5g2)9J5k6s2c8Z5k6h3#2W2k6q4)9J5k6s2u0@1k6W2)9J5k6r3c8G2j5%4g2E0k6h3&6@1

Exploiting CVE-2017-5123, a Linux kernel vulnerability in the waitid() syscall

28cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6j5h3I4D9M7#2)9J5k6h3N6A6N6r3S2#2j5W2)9J5k6h3W2G2i4K6u0r3e0r3W2F1N6i4S2Q4x3X3c8w2k6i4u0F1k6h3I4Q4x3X3c8o6g2V1g2Q4x3X3b7J5x3o6p5%4i4K6u0V1y4e0p5J5x3#2)9J5c8R3`.`.

The path pivot attack (CVE-2017-2619)

545K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4k6r3g2D9N6h3N6J5k6g2)9J5k6h3N6A6N6r3S2#2j5W2)9J5k6h3W2G2i4K6u0r3x3U0l9I4y4#2)9J5c8U0p5I4i4K6u0r3x3o6k6Q4x3V1k6K6j5h3#2T1j5g2)9J5k6s2m8S2N6r3S2Q4x3X3c8H3K9i4k6G2N6q4)9J5k6r3q4@1N6r3q4U0K9#2)9J5c8R3`.`.

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

eafK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3u0D9L8$3N6Q4x3X3g2@1j5h3I4G2M7$3W2F1N6r3g2D9L8r3W2Y4k6h3&6U0k6g2)9J5k6h3y4G2L8g2)9J5c8U0t1H3x3e0N6Q4x3V1j5I4x3g2)9J5c8X3g2^5M7r3I4G2K9i4c8A6L8X3N6Q4x3X3c8U0N6X3g2Q4x3X3b7J5x3o6p5$3i4K6u0V1x3U0x3K6y4q4)9J5k6h3S2@1L8h3H3`.

Getting Local Admin by Abusing the Anti-Virus Quarantine

32bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8$3N6F1k6i4u0Q4x3X3g2K6K9q4)9J5c8U0t1H3x3e0N6Q4x3V1j5I4x3g2)9J5c8X3q4$3k6$3q4@1k6i4u0Q4x3X3c8Y4k6i4c8@1K9h3&6Y4i4K6u0V1L8r3!0U0j5h3I4Q4x3X3c8S2k6r3#2A6L8W2)9J5k6r3u0&6i4K6u0V1j5h3u0#2M7$3W2F1k6#2)9J5k6s2c8Z5k6g2)9J5k6r3q4F1N6r3W2Q4x3X3c8$3K9i4u0#2M7#2)9J5k6s2q4#2j5i4u0S2L8Y4c8A6L8X3g2Q4x3V1j5`.

Application Introspection & Hooking With Frida

a0aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3k6#2P5Y4A6&6M7$3g2U0N6i4u0A6N6s2W2Q4x3X3g2U0L8$3#2Q4x3V1k6@1N6i4c8G2M7X3W2S2L8s2y4Q4x3V1j5J5z5g2)9J5k6h3S2@1L8h3H3`.

Hook the planet! Solving FlareOn4 Challenge6 with libPeConv

fcbK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5M7$3S2J5P5X3c8Q4x3X3g2%4L8%4u0V1M7s2u0W2M7%4y4Q4x3X3g2U0L8$3#2Q4x3V1j5J5x3o6p5%4i4K6u0r3x3e0u0Q4x3V1j5H3x3g2)9J5c8X3S2G2L8$3E0Q4x3X3c8@1K9r3g2Q4x3X3c8H3L8r3q4F1k6i4c8Q4x3X3c8K6L8$3I4$3K9h3&6Y4i4K6u0V1k6X3I4S2M7X3g2G2L8U0c8Q4x3X3c8U0K9r3q4D9L8r3g2F1k6$3f1$3i4K6u0V1N6$3W2@1K9q4)9J5k6r3I4A6j5Y4m8W2j5$3!0F1N6W2)9J5c8R3`.`.

Analyzing KaiXin Exploit Kit

1f9K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3&6S2L8#2)9J5k6s2y4W2j5#2)9J5k6h3!0J5k6#2)9J5c8U0t1H3x3e0N6Q4x3V1j5I4x3g2)9J5c8X3q4F1j5h3I4&6P5X3W2F1k6#2)9J5k6r3E0S2K9i4S2A6L8W2)9J5k6r3g2^5M7r3I4G2K9i4c8Q4x3X3c8C8K9i4c8Q4x3X3g2Z5N6r3#2D9

Dissecting Golroted Trojan's Process Hollowing Technique & UAC Bypass

52dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4k6C8M7X3g2E0k6i4A6Q4x3X3g2U0L8$3#2Q4x3V1j5J5x3o6p5%4i4K6u0r3x3e0q4Q4x3V1k6D9k6i4c8K6i4K6u0V1L8r3g2S2M7X3&6Q4x3X3c8V1K9i4y4K6k6h3y4@1K9h3&6Y4i4K6u0V1k6$3!0D9M7X3!0@1k6h3c8Q4x3X3c8@1M7X3!0B7j5h3&6K6i4K6u0W2K9s2c8E0L8l9`.`.

Analysis of Malicious Documents- Part 5

9d2K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4u0W2M7$3!0#2M7X3y4W2M7#2)9J5k6h3W2F1k6X3!0K6k6h3y4A6L8Y4y4@1K9i4c8#2N6r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6S2L8X3q4D9P5i4y4A6M7#2)9J5k6r3#2S2L8r3W2U0K9h3!0#2M7#2)9J5k6r3c8G2j5%4g2E0k6h3&6@1i4K6u0V1M7r3q4J5N6q4)9J5k6o6g2Q4x3V1j5`.

Windows oneliners to download remote payload and execute arbitrary code

8c8K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6S2M7X3&6G2x3s2R3H3P5q4)9J5k6i4N6G2M7X3c8H3M7X3g2K6M7#2)9J5k6h3y4G2L8g2)9J5c8U0t1H3x3e0N6Q4x3V1j5I4x3g2)9J5c8U0t1H3i4K6u0r3N6$3W2F1k6r3!0%4M7#2)9J5k6r3!0F1k6h3I4A6L8X3g2J5M7#2)9J5k6s2c8G2i4K6u0V1k6r3!0%4L8X3I4G2j5h3c8Q4x3X3c8J5k6h3#2G2N6r3g2Q4x3X3c8H3j5i4W2D9L8$3q4V1i4K6u0V1j5h3&6V1i4K6u0V1k6i4S2W2j5%4g2@1k6g2)9J5k6r3q4J5j5X3W2@1M7X3q4J5P5g2)9J5k6r3y4G2k6r3g2Q4x3V1j5`.

Digital Forensics – Artifacts of interactive sessions

a84K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3y4G2N6h3&6@1N6i4m8G2L8Y4y4W2j5%4g2J5K9i4c8&6i4K6u0W2j5$3!0E0i4K6u0r3x3U0l9I4y4#2)9J5c8U0p5I4i4K6u0r3x3U0u0Q4x3V1k6V1K9h3N6A6N6r3q4D9i4K6u0V1k6X3!0J5k6h3&6K6K9h3y4K6i4K6u0V1j5i4u0@1K9h3k6S2j5%4c8K6i4K6u0V1L8$3k6Q4x3X3c8A6L8Y4c8W2M7X3q4U0N6r3W2$3k6g2)9J5k6s2y4W2M7%4y4A6L8$3&6K6i4K6u0r3

A Sampling of Anti-Decompilation Techniques

8a8K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2M7X3g2@1x3W2)9J5k6h3W2G2i4K6u0r3x3U0l9I4y4#2)9J5c8U0p5I4i4K6u0r3x3e0k6Q4x3V1k6V1j5h3&6Y4k6i4u0K6i4K6u0V1L8$3k6Q4x3X3c8@1K9r3g2Q4x3X3c8V1k6h3y4G2L8i4m8A6L8r3g2J5i4K6u0r3

Architecture Agnostic Function Detection In Binaries

becK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1K9h3&6S2M7Y4W2Q4x3X3g2F1K9h3&6B7j5g2)9J5c8U0t1H3x3e0N6Q4x3V1j5I4x3g2)9J5c8U0l9$3i4K6u0r3j5i4u0U0K9r3W2@1k6h3y4@1N6i4u0W2i4K6u0V1j5h3N6F1L8%4y4@1K9h3y4Q4x3X3c8X3N6h3&6U0N6r3W2G2L8W2)9J5k6r3c8W2N6r3g2U0N6r3W2G2L8W2)9J5k6r3W2F1i4K6u0V1j5X3W2F1j5i4u0A6k6i4y4Q4x3X3g2Z5N6r3#2D9

Afl-unicorn: Fuzzing Arbitrary Binary Code

b3fK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5j5h3y4C8k6i4u0F1L8$3!0F1i4K6u0W2j5$3!0E0i4K6u0r3j5h3k6D9i4K6u0V1N6h3&6A6j5$3!0J5L8W2)9J5k6r3k6#2P5Y4A6A6L8X3N6Q4x3X3c8S2M7X3u0A6N6s2u0S2M7Y4W2Q4x3X3c8T1K9h3&6S2M7Y4W2Q4x3X3c8U0L8$3c8W2i4K6u0V1y4e0j5K6j5$3p5J5z5o6V1K6y4X3u0X3

Neural fuzzing: applying DNN to software security testing

028K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2E0K9h3y4J5L8%4y4G2k6Y4c8Q4x3X3g2U0L8$3#2Q4x3V1k6W2L8W2)9J5k6s2g2K6i4K6u0r3M7X3g2K6k6h3q4J5j5$3S2Q4x3V1k6T1L8r3!0Y4i4K6u0r3L8X3g2#2M7X3q4D9i4K6u0V1k6Y4g2*7P5X3W2F1k6#2)9J5c8R3`.`.

Drammer: Flip Feng Shui Goes Mobile

ebbK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2$3N6i4y4W2j5#2)9J5k6h3&6W2N6q4)9J5c8Y4m8J5L8$3A6W2j5%4c8K6i4K6u0r3k6s2u0S2L8h3#2W2M7W2)9J5c8R3`.`.

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・7

免费・0

支持

分享

最新回复 (2)
toToC 雪币： 62 活跃值： (27) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 62 粉丝 1 关注私信	toToC 2 楼赞 2017-12-4 10:40 0
TopC 雪币： 7149 活跃值： (2051) 能力值： ( LV3，RANK：30 ) 在线值：发帖 10 回帖 228 粉丝 10 关注私信	TopC 3 楼感谢分享 2017-12-4 11:00 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

返回

BDomne

发帖

回帖

RANK

他的文章

看雪公众号

专注于PC、移动、智能设备安全研究及逆向工程的开发者社区