Security News | 安全資訊 (2016-01-09)

Android

• Nexus Security Bulletin - January 2016
  • For Elevation of Privilege Vulnerability in Kernel (CVE-2015-6640): diff
• Vulnerability in Blackphone Puts Devices at Risk for Takeover

iOS/OS X

• smc-fuzzer: Apple SMC (System Management Controller) API fuzzer
• itrace: trace objc method call for ios and mac
• iOS 8.1.2 越狱过程详解及相关漏洞分析 (Chinese)

Linux

• CVE-2014-2851 group_info UAF Exploitation
• writeup
• Original cause: A post from mailing list
• POC
• Ubuntu 14.04 LTS, 15.10 overlayfs - Local Root Exploit
• Demystifying the Execve Shellcode (Stack Method)

Web

• An integer overflow in Firefox 43? POC
• SSD Advisory – Yahoo RSS Reader XXE Vulnerability (CFAJAX)
• On The Design and Implementation of a Stealth Backdoor for Web Applications
• phpecc/phpecc - Timing side-channel in ECDSA signature verification
• DOM XSS 101 Walk-Through
• Firejail – A Security Sandbox for Mozilla Firefox
• Nodejs Remote Memory Disclosure
• On The Design and Implementation of a Stealth Backdoor for Web Applications

MS-related

• Threat intelligence report - Exploits
• Attack Methods for Gaining Domain Admin Rights in Active Directory
• Use Chakra engine again to bypass CFG
• DLL Loading Technique used in ZeroAccess
• Bypassing Protections: Reversing and Recreating a Protected DLL
• Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement

Tool

• HardSploit: [HARD]ware ex[PLOIT]ation. The essential security auditing tool for Internet of Things devices you'll need in your toolbox
• Using IDAPython to Make Your Life Easier: Part 1
• gethead.py: gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers.
• XOR Known-Plaintext Attack: When data is XOR-encrypted with a repeating key and you known some of the plaintext, you can perform a simple known-plaintext attack. Because when you XOR the ciphertext with the plaintext, you recover the key-stream.
• capFunc: IDA Python Script that Disassembles Functions with Capstone
• TCP Reverse Shell with Password Prompt - 151 bytes
• Stenographer: Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets.

Misc

• libtiff bmp file Heap Overflow (CVE-2015-8668)
• a problem with LLVM's undef
• The basics of clustering behind Deepviz part 1, part 2
• WINKHUB - Command Execution Vuln demo
• Incident Report: SHA-1 Certificates issued after 31 December 2015
• On the dangers of a blockchain monoculture
• GunCon3 Reversing and Linux Driver
• MEDCIN Engine Exploitation
• An update on the backdoor in Juniper’s ScreenOS (Bob: worth reading)

Conference

• ekoparty Security Conference - 11th edition, video
• 32c3
  • Release
  • Collective Authorities: Securely Decentralising Trust at Scale
  • Datahavens: From HavenCo to Today
  • Tools for Red Star OS
  • The Great Train Cyber Robbery, video
  • New memory corruption attacks: why can't we have nice things?
  • Hardware-Trojaner in Security-Chips
• NDSS '16
  • Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy
• ToorCon 2015
  • Rapid Radio Reversing
• TetCon 2016
  • Android obfuscation techniques and deobfuscation strategies and tools such as dex-oracle and Simplify.

CTF

• Write up: 2015 Sans Holiday Hack Challenge
• 32C3 CTF – Android Reverse-Engineering libdroid
• ESET CrackMe Challenge 2015 Walkthrough

Source

The resources are collected in various sources such as blog feeds, Twitter and Weibo. Here, I list some of my personally favorite sources.

• Security feeds in my subscriptions, download OPML
• Security guys in my Twitter following.
  • Tweets of @binitamshah
• Security guys in my Weibo following.
  • 每日安全动态推送 from Weibo @腾讯玄武实验室 (Chinese)