Android Security Technical Weekly 08.25 - 08.31
System Internals
1. Kernel hardening in Android Oreo:
https://android-developers.googleblog.com/2017/08/hardening-kernel-in-android-oreo.html
Malware
1. Android WireX DDOS BOTNET
https://threatpost.com/mobile-wirex-ddos-botnet-neutralized-by-collaboration-of-competitors/127680/
http://bobao.360.cn/learning/detail/4323.html
http://bobao.360.cn/learning/detail/4326.html
2. Trend Micro's analysis of the Android ransomware threat:
http://blog.trendmicro.com/trendlabs-security-intelligence/android-mobile-ransomware-evolution/
3. Android malware sample collections
https://github.com/fs0c131y/Android-Malwares
https://github.com/ashishb/android-malware
Tech
1. ARM exploitation in the Internet of Things:
https://mp.weixin.qq.com/s/VSWhMKjhq2Ge4bNvd7YBiA
2. Large Scale Malware Detection by Mining File-relation Graphs
https://www.cc.gatech.edu/~dchau/papers/14_kdd_aesop.pdf
3. Anti-disassembly on ARM (IDA, specifically)
https://kbdsmoke.me/anti-disassembly-on-arm-ida-specifically/
4. Decoding malware via simple statistical analysis
https://blog.nviso.be/2017/08/30/decoding-malware-via-simple-statistical-analysis/
5. Privacy protection in the era of big data:
https://mp.weixin.qq.com/s/Gykx7qrRUL6qgE7hT6hhPA
6. An introduction to the history of branch prediction:
https://danluu.com/branch-prediction/
7. MIT's "Computer Systems Security" course:
https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/index.htm
8. AI training algorithms are prone to hidden backdoors
https://arxiv.org/pdf/1708.06733v1.pdf
9. A collection of excellent security-related talks
https://github.com/PaulSec/awesome-sec-talks
10. A course on how just-in-time (JIT) compilers work:
https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers/
11. Gazing at Gazer, the latest analysis report on the Turla APT group:
https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf
12. Rolf Rolles and Möbius have published much of their earlier reverse-engineering research:
http://www.msreverseengineering.com/research
Tool
1. Generic Android deobfuscation tool
https://github.com/CalebFenton/simplify
2. Pharos binary static analysis tools
https://insights.sei.cmu.edu/sei_blog/2017/08/pharos-binary-static-analysis-tools-released-on-github.html
3. Nili - a tool that combines network scanning, man-in-the-middle attacks, protocol reverse engineering and fuzzing:
https://github.com/niloofarkheirkhah/nili
Vulnerability
1. Untethered initroot, achieving an imperfect jailbreak on Motorola devices:
https://alephsecurity.com/2017/08/30/untethered-initroot/
2. Exploitation and mitigation of a kernel race condition -> double-free vulnerability:
http://blog.ptsecurity.com/2017/08/linux-block-double-free.html
Conf
1. Slides for some of the talks at HITB GSEC 2017
https://gsec.hitb.org/materials/sg2017/
2. Slides from the ISS 2017 Internet Ecosystem Summit
Link: http://pan.baidu.com/s/1sl4qPPF Password: 3ps6