Android Security Technical Weekly 09.15 - 09.21
System Internals
1. Google Play on Android integrates the Google Play Protect protection service and adds a new SafetyNet Verify Apps API feature; developers can use the Verify Apps API to obtain the security status of installed apps:
https://android-developers.googleblog.com/2017/09/safetynet-verify-apps-api-google-play.html
2. SELinux in Android Oreo or: How I Learned to Stop Worrying and Love Attributes
http://events.linuxfoundation.org/sites/events/files/slides/LSS%20-%20Treble%20%27n%27%20SELinux.pdf
Another paper on SELinux: "The Case for Security Enhanced (SE) Android"
https://events.linuxfoundation.org/images/stories/pdf/lf_abs12_smalley.pdf
Malware
1. Premium SMS malware "ExpensiveWall" infects millions of Android devices
https://threatpost.com/premium-sms-malware-expensivewall-infects-millions-of-android-devices/127976/
2. History of the Android SQ virus:
http://www.freebuf.com/articles/system/146504.html
3. In-depth analysis of the Android FlexiSpy spyware:
http://www.fortiguard.com/events/2049/toorcon-19-san-diego-dig-deep-into-flexispy-for-android
4. Check Point reports that the Chinese mobile app DU Antivirus Security steals user data
https://research.checkpoint.com/mobile-anti-virus-app-protect-infect-truth-behind-du-antivirus-security/
5. New Android trojan targets more than 60 banks and social apps
https://thehackernews.com/2017/09/android-banking-trojan.html
https://clientsidedetection.com/new_android_trojan_targeting_over_60_banks_and_social_apps.html
https://github.com/virqdroid/Android_Malware/tree/master/Red_Alert_2
6. The evolution of the BankBot malware over the past 10 months
https://blog.fortinet.com/2017/09/19/a-look-into-the-new-strain-of-bankbot
Tech
1. Building a honeypot network with Raspberry Pi, EC2 and MHN:
http://www.h-i-r.net/2017/09/building-honeypot-army-pi-ec2-mhn.html
2. Reverse Engineering an Android Application
https://leakedforums.com/threads/ebook-reverse-engineering-an-android-application-apk-hacking.349/
3. Common WiFi attacks and how to detect them
https://wtf.horse/2017/09/19/common-wifi-attacks-explained/
4. <Translation> Android application reverse engineering
http://bobao.360.cn/learning/detail/4428.html
5. <Translation> Android Toast Overlay attack: "Cloak and Dagger" with no permissions required
http://bobao.360.cn/learning/detail/4436.html
6. ARM exploitation for IoT
https://quequero.org/2017/07/arm-exploitation-iot-episode-1/
https://quequero.org/2017/09/arm-exploitation-iot-episode-2/
7. How to build a portable cellular network:
https://mbro95.github.io/PortableCellNetwork/
8. How to use ES (ElasticSearch) to optimize ssdeep comparison results:
http://www.intezer.com/intezer-community-tip-ssdeep-comparisons-with-elasticsearch/
9. 360 Netlab reports some new developments in the Hajime botnet
http://blog.netlab.360.com/hajime-status-report/
Tool
1. idahunt - a tool open-sourced by NCC Group to assist reverse-engineering analysis in IDA Pro
https://github.com/nccgroup/idahunt
2. githubscan: a scanner for sensitive information on GitHub
https://github.com/lianfeng30/githubscan
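3. MinerBlock - Mining malware (including browser extensions) is increasingly common, and The Pirate Bay is also testing JS mining as a replacement for ads; the author developed a browser extension that blocks web-page-based cryptocurrency mining backdoors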
https://github.com/xd4rker/MinerBlock
4. FRIEND: an IDA plugin that provides improved processor modules (e.g. capstone), contextual help for instructions and registers, and a function call list
https://github.com/alexhude/FRIEND
Conf
1. USENIX 2017 conference talk videos
https://www.usenix.org/conference/usenixsecurity17/technical-sessions
2. BSidesAugusta 2017 conference videos
https://www.youtube.com/playlist?list=PLEJJRQNh3v_PQEsZ8R7H6xKe9Bkg_KnVC
3. HITBGSEC 2017 Singapore videos
https://www.youtube.com/playlist?list=PLmv8T5-GONwR5ccR18W1uaVMAh7aF0BJ3
Vulnerability
1. Follow-up analyses and a PoC for the BlueBorne security threat
https://duo.com/blog/an-analysis-of-blueborne-bluetooth-security-risks
https://mp.weixin.qq.com/s/YCuY4D-IH3ovyBLBQkXwdQ
https://hackaday.com/2017/09/14/bluetooth-vulnerability-affects-all-major-os/
CVE-2017-0785 Android information leak (Blueborne) PoC
https://github.com/ojasookert/CVE-2017-0785
2. Does Android TrustZone have a huge flaw? An analysis of the downgrade attack
https://mp.weixin.qq.com/s/lR9t74nrZY35mwnonO8sew
3. Attacking TrustZone series -- reverse engineering Qualcomm TrustZone
http://mp.weixin.qq.com/s/l6GME9QCQAaN7Wxp7xCp9w
4. BabelView: evaluating the impact of code injection attacks on mobile WebViews
https://arxiv.org/pdf/1709.05690.pdf
5. Linux attack surface analysis
https://anvilventures.com/blog/linux-attack-surface-analysis.html
6. Exploit development for kernel driver mmap handler vulnerabilities
https://labs.mwrinfosecurity.com/publications/kernel-driver-mmap-handler-exploitation/
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf
7. How I found a tcpdump vulnerability using cloud fuzzing
http://www.freebuf.com/articles/network/147955.html
8. Analysis and exploitation of the Android Message app denial-of-service vulnerability (CVE-2017-0780)
http://www.freebuf.com/vuls/147601.html