Android Security Technology Weekly 11.17 - 11.23
Malware
1. McAfee's analysis of an Android malware family possibly linked to the Lazarus cybercrime group
https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group/
2. Operation Blockbuster Goes Mobile
https://researchcenter.paloaltonetworks.com/2017/11/unit42-operation-blockbuster-goes-mobile/
http://bobao.360.cn/learning/detail/4738.html
3. 2017 overview of threats from third-party SDKs in Android apps
http://bobao.360.cn/learning/detail/4726.html
4. Technical analysis of a banking trojan that reappeared on the Play Store
https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers
https://clientsidedetection.com/new_campaigns_spread_banking_malware_through_google_play.html
5. Wiko phones found to be collecting user data
http://www.frandroid.com/marques/wiko/471870_wiko-sts-collecte-donnees-personnelles
6. Uncovering the tricks behind WeChat sharing
http://www.freebuf.com/articles/web/153710.html
7. 100 online accounts for 0.1 yuan? Inside the underground economy's offense and defense after account theft
https://mp.weixin.qq.com/s/9305SCrCpvcearGkuyecAg
8. Analysis of the new LINUX/AES.DDOS IoT malware, Part 1
https://lloydlabs.github.io/post/aes-ddos-analysis-part-1/
Tech
1. Android reverse engineering: disassembly and code injection
http://www.syssec-project.eu/m/page-media/158/syssec-summer-school-Android-Code-Injection.pdf
2. Steganography, a safe haven for malware
https://securityintelligence.com/steganography-a-safe-haven-for-malware/
3. Android Malware Detection using Markov Chain Model of Application Behaviors in Requesting System Services
https://arxiv.org/pdf/1711.05731.pdf
4. Using Google's SafetyNet Attestation API as an Android application integrity security control
https://census-labs.com/news/2017/11/17/examining-the-value-of-safetynet-attestation-as-an-application-integrity-security-control/
5. Dangers of the Decompiler, A Sampling of Anti-Decompilation Techniques
https://blog.ret2.io/2017/11/16/dangers-of-the-decompiler/
http://bobao.360.cn/learning/detail/4732.html
https://xianzhi.aliyun.com/forum/topic/1602/
6. AndroVault - building a knowledge graph of millions of Android applications for automated analysis (paper)
https://arxiv.org/pdf/1711.07451.pdf
7. A collection of reverse-engineering resources
https://github.com/wtsxDev/reverse-engineering
8. Malware-Analysis - a list of malware analysis tools and resources
https://github.com/wtsxDev/Malware-Analysis
9. A collection of information security cheat sheets
https://www.peerlyst.com/posts/the-complete-list-of-infosec-related-cheat-sheets-claus-cramon?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_resource
10. Machine Learning, Offense, and the future of Automation
https://docs.google.com/presentation/d/16BWLRm4aNdxToJO-_63s1gLlw-hbSXlQE-jSzzsHkIw/edit
11. Google still collects Android users' location data even when location services are disabled
https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/
12. Kernel security: dual kernels and kernel separation
http://static.securegoose.org/papers/ccs14.pdf
Tool
1. Droidefense - an advanced Android malware analysis framework
https://github.com/droidefense/engine
2. IFL - an IDA Pro plugin that generates a navigable list of function references
https://github.com/hasherezade/ida_ifl
3. idaplugins-list - a list of IDA plugins
https://github.com/onethawt/idaplugins-list/blob/master/README.md
4. bincat - a static analyzer for binary code
https://securityonline.info/bincat-binary-code-static/
5. SG1 - a tool for data encryption, extraction and transformation
https://github.com/evilsocket/sg1
Vulnerability
1. Exploiting the Android Bluetooth remote command execution vulnerability in practice: exploit optimization
https://xianzhi.aliyun.com/forum/topic/1521/
2. Analysis of a Linux kernel vulnerability that can lead to privilege escalation (CVE-2017-1000112)
http://www.freebuf.com/vuls/154300.html
3. In depth - the JRE8u20 Java deserialization payload
https://mp.weixin.qq.com/s?__biz=MzI5Nzc0OTkxOQ==&mid=2247483738&idx=1&sn=dd5ec08b7229b368d8f820d8376d2f8a&chksm=ecb11daadbc694bc2d56bad5584e43b1c844af96145086bd926f2f77d8f171e1a40fcfa0e536&mpshare=1&scene=1&srcid=11207v7VJcif9KICIS3kZ0dK#rd
4. How the Jdk7u21 deserialization vulnerability gadget works
http://blog.csdn.net/u011721501/article/details/78607633
5. Java-Deserialization-Cheat-Sheet - a cheat sheet for Java deserialization vulnerabilities
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
6. The art of fuzzing, with applied examples
https://sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-demos/index.html
7. AngelaRoot: an app that escalates to root on OnePlus devices and installs SuperSU through the newly discovered "angela root" vulnerability
https://github.com/sirmordred/AngelaRoot
8. Linux Kernel 3.11 < 4.8.0 SO_SNDBUFFORCE / SO_RCVBUFFORCE local privilege escalation exploit (CVE-2016-9793)
https://cxsecurity.com/issue/WLB-2017050084
9. CVE-2017-16544 Busybox autocompletion vulnerability
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
10. Linux kernel net/ipv4/inet_connection_sock.c inet_csk_clone_lock double free vulnerability (CVE-2017-8890) PoC:
https://github.com/hardenedlinux/offensive_poc/tree/master/CVE-2017-8890
11. PoCs for several remote WiFi vulnerabilities (CVE-2017-11013 / 14 / 15)
https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/commit/4ed3e7dd2ca6e68247ab5323fbf49340c02a4f8f
12. A collection of HackerOne Android reports and resources
https://github.com/B3nac/Android-Reports-and-Resources
13. POMP: hardware-assisted program crash analysis
https://mp.weixin.qq.com/s/RKLbKMvIBZ4gsNrBX1R2Mg