google project zero最新发了关于安卓系统的三篇文章,读起来很精彩,分别详细阐述了对于黑客野外攻击chrome和kernel利用链的详细细节和一些技术分享。因而分享到这里,供大家学习。
对于chrome的野外攻击利用的类型d41K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4L8$3!0Y4L8r3g2H3M7X3!0B7k6h3y4@1P5X3g2J5L8#2)9J5k6h3u0D9L8$3N6K6M7r3!0@1i4K6u0W2j5$3!0E0i4K6u0r3x3U0l9J5x3g2)9J5c8U0l9I4i4K6u0r3K9h3&6Q4x3X3c8%4K9h3I4V1i4K6u0V1M7$3g2J5K9h3g2K6i4K6u0V1j5$3S2J5L8$3#2W2i4K6u0V1k6i4S2H3L8r3!0A6N6s2y4Q4x3X3g2Z5N6r3#2D9
对于android kernel层的漏洞d82K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4L8$3!0Y4L8r3g2H3M7X3!0B7k6h3y4@1P5X3g2J5L8#2)9J5k6h3u0D9L8$3N6K6M7r3!0@1i4K6u0W2j5$3!0E0i4K6u0r3x3U0l9J5x3g2)9J5c8U0l9I4i4K6u0r3K9h3&6Q4x3X3c8%4K9h3I4V1i4K6u0V1M7$3g2J5K9h3g2K6i4K6u0V1j5h3&6V1M7X3!0A6k6q4)9J5k6r3g2^5M7r3I4G2K9i4c8K6i4K6u0W2K9s2c8E0L8l9`.`.
利用后续的技巧,比如经常写入哪些文件,如何隐藏等。fd1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4L8$3!0Y4L8r3g2H3M7X3!0B7k6h3y4@1P5X3g2J5L8#2)9J5k6h3u0D9L8$3N6K6M7r3!0@1i4K6u0W2j5$3!0E0i4K6u0r3x3U0l9J5x3g2)9J5c8U0l9I4i4K6u0r3K9h3&6Q4x3X3c8%4K9h3I4V1i4K6u0V1M7$3g2J5K9h3g2K6i4K6u0V1j5h3&6V1M7X3!0A6k6q4)9J5k6s2m8G2M7%4c8Q4x3X3c8W2P5s2m8D9L8$3W2@1j5i4c8A6L8$3&6Q4x3X3g2Z5N6r3#2D9
从文章中可以看到chrome有最新的0-day和n-day攻击,但android kernel层利用的比较古老,是两年前的漏洞,且开源。还可以发现,后续的payload远程操控下载,直接落地使用完即删除,且加密或者混淆,对于发现这些充满挑战。
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
