Security News | 安全資訊 (2015-12-21)

Android

• POC for CVE-2015-6620: AMessage unmarshal arbitrary write
• Attacking Bound Services on Android
• Re: CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone (previous report)

iOS

• iOS Trojan "TinyV" Attacks Jailbroken Devices, writeup, samples
• ios-kerneldocs: Various files helping to better understand the iOS / WatchOS / tvOS kernels
• jtool

Linux

• Back to 28: Grub2 Authentication 0-Day
• A Moose Once Bit My Honeypot A Story of an Embedded Linux Botnet
• How to emulate executable with Medusa and python (part 0)

Web

• Powered by JavaScript

Network

• Another “critical” “VPN” “vulnerability” and why Port Fail is bullshit
• How Tor Works: part 1, part 2, part 3
• t50: mixed packet injector tool

Windows

• Internet Explorer 11 MSHTML!CObjectElement Use-After-Free Vulnerability (MS15-124)
• Exploit upgrade for Microsoft Word Intruder crimeware kit
• Bypassing Windows ASLR in Microsoft Office using ActiveX controls
• MS15-010 / CVE-2015-0057 Exploitation
• Sexrets of LoadLibrary
• The EPS Awakens: part 1, part 2
• Microsoft OneNote 2013 DOS (NULL POINTER READ) and Possible RCE

Flash

• Adobe Flash TextField.antiAliasType Setter Use-After-Free
• Angler EK最新CVE-2015-8446 Flash Exploit分析 (Chinese)

Tool

• Mosca: Static analysis tool to find bugs like a grep unix command
• Maltrail: Malicious traffic detection system
• Bytecode viewer
• chw00t: chroot escape too
• Ares: Ares is a Python Remote Access Tool.
• Awesome Honeypots: A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects.
• fREedom: fREedom is a primitive attempt to provide an IDA Pro independent means of extracting disassembly information from executables for use with binnavi (https://github.com/google/binnavi).

Misc

• Jenkins CLI RMI Java Deserialization
• The Beginner's Guide to IDAPython
• The Apple threat landscape
• Avast: stack buffer overflow, strncpy length discarded
  • cxsecurity
• PS4 kernel exploit tease (root FS dump, and list of PIDs) Raw
• Runtime DirectX Hooking
• PS4 security article follow up
• DeepSec
  • File Format Fuzzing in Android
  • Not so Smart On Smart TV Apps
  • ZigBee SmartHomes A Hackers Open House
• FireEye Exploitation: Project Zero’s Vulnerability of the Beast
• Unicorn VS. Malware
• Files Are Hard
• Hacking the PS4, part 3, Kernel exploitation
• CVE-2015-7755: Juniper ScreenOS Authentication Backdoor
• Better visualization of data formats using assembly POC's to better implement them in C
• Securing Application Software in Modern Adversarial Settings
• Mac-SE Easter Egg

CTF

• CTF & practice exploit collection

Conference

• ACSAC
  • program
• BotConf
  • program

Source

The resources are collected in various sources such as blog feeds, Twitter and Weibo. Here, I list some of my personally favorite sources.

• Security feeds in my subscriptions, download OPML
• Security guys in my Twitter following.
  • Tweets of @binitamshah
• Security guys in my Weibo following.
  • 每日安全动态推送 from Weibo @腾讯玄武实验室 (Chinese)