Security News | 安全資訊 (2015-11-23)

As a security researcher, I read a lot materials such as news, reports, tools, slides and blogs on various topics. Therefore, I plan to summarize and list them here weekly. I will also write some comments on interesting topics. If you find any important things are not listed, please ping me on Twitter (or other channels). Enjoy!

Mobile

• Report of the Manhattan District Attorney’s Office on smartphone encryption and public safety.
  • TNW News: older versions of Android can easily be remotely reset by Google if compelled by a court order, allowing investigators to easily view the contents of a device.
• Windows Phone 8 Case Study: Forensic Arifacts & Challenges
• Breaking into and Reverse Engineering iOS Photo Vaults
• iOS 9 Reverse Engineering with JavaScript
• Mobile Security News Update November 2015. Monthly news summary on mobile security.

Linux

• Automating Linux meory capture
• Defusing a binary bomb with gdb, Part 1, Part 2
• Data Exfiltration via Blind OS Command Injection

Windows

• Introducing WMIOps, and Github Repo
• A king's ransom: an analysis of the CTB-locker ransomware
• DLL Hijacking Like a Boss!
• Plumbing the Depths: ShellBags
• Windows ShellBags forensics in depth
• DLL/PIC Injection on Windows from Wow64 process
• Destroying The Encryption of Hidden Tear Ransomware
• Windows Sandbox Attack Surface Analysis
• A Guide to Malware Binary Reconstruction

Web

• PHP static code analysis vs ~1000 top wordpress plugins = 103 vulnerable plugins found. Most of them are XSS. Be careful when using WordPress and its plugins.
• XSSER, demo - From XSS to RCE 2.0 - Black Hat Europe Arsenal 2015
• Even the LastPass Will be Stolen, Deal with It!

Network

• Evil DNS tricks

Database

• NoSQL Forensics
• Don't Drop that Table: A Case Study in MySQL Forensics

Tool

• Rekall Memory Forensics, homepage and Github
• Evading Defenses with Acidrain, Powershell, Github and Pastebin
• HoneyPy: a low interaction honeypot
• APK Studio: cross-platform Qt5 based IDE for reverse-engineering android applications
• Router Exploitation Toolkit - REXT: small toolkit for easy creation and usage of various python scripts that work with embedded devices
• pemcracker: Tool to crack encrypted PEM files
• PowerTools: PowerTools is a collection of PowerShell projects with a focus on offensive operations
• IDA Pro Quick Reference Sheet

Misc

• Tor forensics on Windows OS
• Break a dozen secret keys, get a million more for free
• Hacking GCN via OpenGL
• UAV (aka drone) Forensics
• TIFU by using Math.random()
• A Forensic Look at Bitcoin Cryptocurrency
• x86 Assembly Guide
• Inspecting Heap Objects with LLDB
• Best of Oracle Security 2015
• No money, but Pony! From a mail to a trojan horse

Conference

• 32C3 halfnarp is online.

CTF

• RuCTF. RuCTFE 2015 started on November 21 at 10:00 UTC and lasted for 9 hours.
  • scoreboard
  • repo

Source

The resources are collected in various sources such as blog feeds, Twitter and Weibo. Here, I list some of my personally favorite sources.

• Security feeds in my subscriptions, download OPML
• Security guys in my Twitter following.
  • Tweets of @binitamshah
• Security guys in my Weibo following.
  • 每日安全动态推送 from Weibo @腾讯玄武实验室 (Chinese)