Android Security Technology Weekly 10.27 - 11.02
System
1. Android 8.0 Oreo's new Adaptive Icons feature sends thousands of Android phones into infinite reboot loops
An Android app developer discovered this through user reviews on his app's Google Play page. He reportedly just happened to give an image referenced from an XML drawable the same file name as the XML file itself (for example ic_launcher_main.xml and ic_launcher_main.png). This created a circular reference that crashed the app, then crashed the home-screen Launcher, and finally sent the device into an infinite reboot loop, leaving affected users with no option but a factory reset. The bug only occurs in apps that use Adaptive Icons, and the Android Studio he used for development gave no warning, because the problem only shows up on a physical device.
https://www.bleepingcomputer.com/news/mobile/android-oreo-adaptive-icons-bug-sends-thousands-of-phones-into-infinite-boot-loops/
Details of the bug report the developer filed with Google
https://issuetracker.google.com/issues/68716460
2. Formal validation of the Arm v8-M:
https://alastairreid.github.io/papers/oopsla2017-whoguardstheguards-slides.pdf
3. Linux device driver labs website, with extensive documentation on Linux kernel drivers
https://linux-kernel-labs.github.io/
Malware
1. Research report on black-market abuse of VirtualApp technology
http://www.freebuf.com/articles/paper/152091.html
2. Mobile coin-mining malware returns to Google Play
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
Malicious Android app delivers Coinhive via JavaScript
https://www.joesecurity.org/reports/report-fc1e08187de3f4b7cb52bd09ea3c2594.html
3. Privacy-stealing malware targets social apps, jointly disclosed by Antiy Mobile Security and Cheetah Mobile
http://www.freebuf.com/articles/terminal/151622.html
Tech
1. Several common Python environment problems after IDA Pro's full switch to a 64-bit architecture
http://www.hexblog.com/?p=1132
2. Advanced mobile penetration testing with BRIDA
https://techblog.mediaservice.net/wp-content/uploads/2017/10/HackInBo-2017-Winter-Edition-Federico-Dotta-Advanced-mobile-penetration-testing-with-Brida-141017.pdf
3. Deobfuscating Android malware with dex-oracle
https://rednaga.io/2017/10/28/hacking-with-dex-oracle-for-android-malware-deobfuscation/
https://github.com/CalebFenton/dex-oracle
http://bobao.360.cn/learning/detail/4634.html
4. Advanced black-box use of Android SO libraries
http://bobao.360.cn/learning/detail/4622.html
5. Reverse engineering and fixing a crash bug in the Juejin (稀土掘金) iOS client
http://www.jianshu.com/p/c0920f66bf0a
6. Manual for the Radare2 reverse engineering framework
https://radare.gitbooks.io/radare2book/content/
7. How to effectively collect open-source threat intelligence
http://www.freebuf.com/sectool/152201.html
8. Reverse engineering in practice: batch-verifying whether WeChat accounts exist
http://www.freebuf.com/articles/terminal/151937.html
9. Evolution and analysis of software security build maturity models
http://www.freebuf.com/articles/es/151822.html
10. Introduction to vulnerability hunting in D-Link routers
https://paper.seebug.org/429/
11. The RSA encryption algorithm in CTF challenges
http://bobao.360.cn/learning/detail/4617.html
12. Bayesian methods for hackers
https://camdavidsonpilon.github.io/Probabilistic-Programming-and-Bayesian-Methods-for-Hackers/
13. Adversarial Machine Learning: Approaches & Defences
https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2017/ncc_group_whitepaper_-adversarial-machine-learning-approaches-and-defences.pdf
14. Fooling deep neural networks with pixel attacks (Paper)
https://arxiv.org/pdf/1710.08864.pdf
15. CLDAP reflection amplification attacks surpass SSDP and CharGen to become the third-largest reflection DDoS attack vector
http://blog.netlab.360.com/cldap-is-now-the-3rd-reflection-amplified-ddos-attack-vector-surpassing-ssdp-and-chargen/
16. Chrome OS user-data protection mechanism based on EXT4 encryption
http://www.iceswordlab.com/2017/10/30/ChromeOS-Userdata-Protection-Mechanism-Based-On-EXT4-Encryption/
17. Detecting unknown ransomware based on anomalous behavior
https://paper.seebug.org/431/
Conf & Mag
1. Videos of 44CON 2017 talks and workshops
https://vimeo.com/ondemand/44con2017
2. The 24th CCS 2017 conference has published its Accepted Papers:
https://acmccs.github.io/papers/
3. DroidCon London 2017 slides
https://github.com/brompwnie/DroidConLondon2017
4. ekoparty security conference videos:
https://www.youtube.com/channel/UCiVNwNkoMapaeyr9o6XEonA
5. PoC||GTFO magazine, issue 0x16
http://openwall.info/wiki/_media/people/solar/pocorgtfo16.pdf
Tool
1. Crypton - a tool developed by F5 Networks researchers to decrypt encrypted content in malicious samples, speeding up malware reverse engineering
https://www.virusbulletin.com/blog/2017/10/vb2017-paper/
2. moloch: a network traffic retrospective analysis system
http://bobao.360.cn/learning/detail/4615.html
3. kernelpop is a framework for performing automated kernel exploit enumeration on Linux, Mac, and Windows hosts.
https://github.com/spencerdodd/kernelpop
4. Droidefense: Advanced Android Malware Analysis Framework
https://github.com/droidefense/engine
5. Diamorphine - LKM Rootkit for Linux Kernels 2.6.x/3.x/4.x
http://www.kitploit.com/2017/11/diamorphine-lkm-rootkit-for-linux.html
https://github.com/m0nad/Diamorphine
6. Reptile - LKM Linux rootkit
https://github.com/f0rb1dd3n/Reptile
7. ASLRay: a tool that can bypass ASLR
http://www.freebuf.com/sectool/151426.html
8. ChromeZero - a Chrome extension that applies policies to control JavaScript interfaces and functions at fine granularity, restricting dangerous behavior by a site's JS
https://github.com/IAIK/ChromeZero
Vulnerability
1. Exploiting the Android Bluetooth remote command execution vulnerability in practice: from PoC to Exploit
https://paper.seebug.org/430/
PoC used in the BlueBorne demonstration
https://github.com/ArmisSecurity/blueborne
2. PaX/Grsecurity tutorial for beginners
https://github.com/hardenedlinux/grsecurity-101-tutorials
3. CVE-2017-5123: Linux kernel v4.13 waitid() not calling access_ok() (Disable SELinux)
http://www.openwall.com/lists/oss-security/2017/10/25/2
4. Smashing the Stack for Fun & Profit : Revived
https://avicoder.me/papers/pdf/smashthestack.pdf
5. Technical analysis of the Linux kernel audio subsystem UAF memory vulnerability (CVE-2017-15265)
http://bobao.360.cn/learning/detail/4616.html
https://mp.weixin.qq.com/s?__biz=MzAwNTI1NDI3MQ==&mid=2649612952&idx=1&sn=fc1ba9d47e4029c6f1e93a88ceb5dc34&chksm=83063f88b471b69e84a3d23e29126ca2ba11755266e893592844c7585ad09f2b67c9b7941236&mpshare=1&scene=1&srcid=1026UkpcTUizu5b8Qo5xMr0j&pass_ticket=JYFRTg3ccilZEWH95TAEQ6%2B7gFO0VdQ6Vnh4BWTc0B4%2BnayRpLhld%2BFojsh3Bf8O
6. Escalating privileges in Linux using Voltage Fault Injection (Paper)
https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf
7. Attacking Bluetooth smart-lock devices with a phone:
https://smartlockpicking.com/tutorial/how-to-pick-a-ble-smart-lock-and-cause-cancer/
http://bobao.360.cn/learning/detail/4614.html
8. Analysis report on security flaws in open-source code from well-known foreign internet companies
http://bobao.360.cn/learning/detail/4619.html
9. Revealed: cracking iris and face recognition with two sheets of A4 paper; how did the Baidu Security engineers do it?
https://mp.weixin.qq.com/s/zq7D8YzjljJ8rsteib1ljA
10. Advanced vulnerability hunting methods
http://bobao.360.cn/learning/detail/4637.html
11. Gattacking Bluetooth Smart Devices
https://github.com/securing/docs/blob/master/whitepaper.pdf