Security News | 安全資訊 (2015-12-06)

Mobile

• Qualcomm Trustzone vulnerability leads to Droid Turbo bootloader unlock
• Android应用程序通用自动脱壳方法研究 (Chinese)
• Hacking Smartwatches - the TomTom Runner: part 1, part 2, part 3
• Adware.iPhoneOS.Muda.a
• Defeating SSL Pinning in Coin's Android Application
• Qualcomm Snapdragon 805 TrustZone Vulnerability
• 揭开山寨应用的伪装面具 (Chinese)
• Rootnik Android Trojan Abuses Commercial Rooting Tool and Steals Private Information

Linux

• Easy File Sharing Web Server v7.2 - Remote SEH Buffer Overflow (DEP Bypass With ROP)
• Centos 7.1/Fedora 22 - abrt Local Root
• The most dangerous function in the C/C++ world
• From remote shell to remote terminal
• MMD-0045-2015 - KDefend: a new ELF threat with a disclaimer
• Full disclosure: remote code execution in wget+dietlibc
• Fuzzing Math - miscalculations in OpenSSL's BN_mod_exp (CVE-2015-3193)

Windows

• Nuclear Pack loads a fileless CVE-2014-4113 Exploit
• Chimera Crypto-Ransomware Wants You (As the New Recruit)
• Understanding and Exploiting JSON Web Services Data with PowerShell
• Thoughts on Exploiting a Remote WMI Query Vulnerability
• Windows-Prefetch-Parser
• Get username from PID in VB.NET
• Bypassing Windows ASLR in Microsoft Office using ActiveX controls

Web

• Browser mitigations against memory corruption vulnerabilities
• Using HEAD to optimize Time Based SQL Injection
• Data Exfiltration via Blind OS Command Injection

Network

• ElasticZombie Botnet - Exploiting Elasticsearch Vulnerabilities
• IPv6 Hardening Guide for Linux Servers
• DNS Tunnelling Forensics

IoT

• Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities
• Implementation of an rc4 attack
• New utility that displays the details of all MMC snap-ins installed on your system
• Huawei Wimax routers vulnerable to multiple threats

Tool

• Vagrant CTF Box
• A gentle introduction to fuzzing C++ code with AFL and libFuzzer
• Writing a Simple Mach-O Parser with Python ctypes
• Limon Sandbox for Analyzing Linux Malwares
• GNU Coreutils Gotchas - something that will "get you"
• PathArmor context-sensitive CFI implementation
• ClassyShark - ClassyShark is a handy browser for Android executables.
• Enjarify
• Xiaopan OS - Easy to use pentesting distribution for wireless security enthusiasts
• Filealyzer – Analyze Files – Read PE Information
• rr: Record and Replay Framework
• Snyk's public vulnerability database
• vuvuzela - Private messaging system that hides metadata
• Snyk's public vulnerability database
• Defusing a binary bomb with gdb
• mitmproxy: release v0.15
• Automatic MIME Attachments Triage Slides, GitHub
• Maltrail is a malicious traffic detection system
• Automates sslstrip arp spoofing MITM attack.
• Python botnet and backdoor

Misc

• Reverse Engineering the BMW i3 API
• Cutting the Lights: Vulnerabilities in a Billboard Lighting System
• The Anatomy of an Executable
• A DIY Cat (or dog. or human) Feeder powered by node
• Week of Continuous Intrusion - Day 1 - Jenkins
• China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
• Scrum is all around or: How to stop Continuous Integration
• Building a Product Security Team
• Anti-Disassembly techniques used by malware part 1, part 2
• 360MarvelTeam虚拟化漏洞第三弹 - CVE-2015-7504 漏洞分析（含高清视频） (Chinese)
• Oracle BeeHive 2 Code Execution
• REhint's Zeronights 2015
• Botconf 2015 Wrap-Up
• Australian Cyber Security Center 2015 Report
• BSides Vienna 2015 Slides
• Duplicate Signature Key Selection Attack in Let's Encrypt
• A Technical Breakdown of ModPOS
• DEFCON 23 Presentation
• Security Advisory: AOL Desktop MiTM Remote File Write and Code Execution

CTF & Writeup

• CMU Binary Bomb meets Symbolic Execution and Radare
• http://zoczus.blogspot.hk/2015/11/ctf-9447-ctf-web200-nicklesndimes-write.html
• Sources for all #9447CTF challenges
• 9447 CTF 2015 - fibbed Writeup
• Solving the Binary Zone Forensic Challenge #4

Source

The resources are collected in various sources such as blog feeds, Twitter and Weibo. Here, I list some of my personally favorite sources.

• Security feeds in my subscriptions, download OPML
• Security guys in my Twitter following.
  • Tweets of @binitamshah
• Security guys in my Weibo following.
  • 每日安全动态推送 from Weibo @腾讯玄武实验室 (Chinese)