Android Security Tech Weekly 11.03 - 11.09
Malware
1. A fake WhatsApp on the Google Play store reached 1 million downloads. The fake app's developer name differed from the real developer's by only a single Unicode space; once installed, it shows ads promoting other apps.
https://thehackernews.com/2017/11/fake-whatsapp-android.html
https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/
2. An app containing cryptocurrency-mining code appeared on Google Play (after a button is tapped, it runs a hidden WebView in the background that loads CoinHive's JavaScript miner)
https://blog.avast.com/cryptocurrency-mining-malware-sneaks-onto-google-play
3. Several cryptocurrency-mining apps discovered in the Google Play Store:
https://www.ixiacom.com/company/blog/everythings-better-blockchain
4. Clicking Bot Applications:
https://blog.zimperium.com/clicking-bot-applications/
5. The Strange Case of Play Policy for Copyright and Security
http://blog.fortinet.com/2017/11/08/the-strange-case-of-play-policy-for-copyright-and-security
6. Evil-Droid is a framework that creates, generates and embeds APK payloads to penetrate Android platforms
https://github.com/M4sc3r4n0/Evil-Droid
7. How ransomware for the Android platform is built
https://0x00sec.org/t/creating-ransomware-for-android/4063
https://blog.underc0de.org/creando-ransomware-para-android/
8. A write-up of tracking down an online fraud case:
http://www.freebuf.com/articles/others-articles/153079.html
9. The truth behind the abyss: a report on the "wool-pulling" (promotion-abuse) industry:
http://www.freebuf.com/news/152525.html
10. With cybercrime rampant, how should internet users protect themselves?
http://www.freebuf.com/articles/neopoints/153040.html
Tech
1. A forensic analysis of Telegram Messenger on the Android platform, which finds that Telegram has serious problems in its protocol.
http://people.unipmn.it/sguazt/pubs/Anglano-2017-Telegram.pdf
2. Bypassing Android's Network Security Configuration
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/bypassing-androids-network-security-configuration/
3. Understanding virtual memory in depth: detecting out-of-bounds memory writes, implementing fragmentation-free memory allocation, and more:
http://ourmachinery.com/post/virtual-memory-tricks/
4. Software gene technology and its applications:
https://mp.weixin.qq.com/s/mF_KTr7Z30g3EwfDDcA6Rw
5. Android malware analysis with Radare:
https://www.nowsecure.com/blog/2016/11/21/android-malware-analysis-radare-triada-trojan/
6. A domain-association model: making malware expose itself:
https://zhuanlan.zhihu.com/p/30780842
7. An outlook on trends in code security assurance technology
http://bobao.360.cn/learning/detail/4667.html
8. BalCCon2k17 videos & slides
https://2k17.balccon.org/speakers.html
9. How running processes are infected on Linux
https://0x00sec.org/t/linux-infecting-running-processes/1097
https://github.com/0x00pf/0x00sec_code/tree/master/mem_inject
https://www.real0day.com/hacking-tutorials/2017/11/6/injecting-a-running-process-linux
10. Alibaba shares its practical experience with biometric identification on mobile
http://www.freebuf.com/articles/terminal/151619.html
11. Applications and analysis of machine learning in offensive and defensive security scenarios
http://www.freebuf.com/articles/neopoints/152457.html
12. How tool users break game anti-modification protections
http://www.freebuf.com/articles/terminal/152963.html
13. Crawlers run rampant: scraping Alipay and WeChat, and stealing cash-loan lending data
https://mp.weixin.qq.com/s?__biz=MzIxNjM3MDc4Mg==&mid=2247485673&idx=1&sn=15071ae472d0681c2064a2dd8f8876bc&chksm=978b53d8a0fcdace2309ce7f4214227d7a7dcffc83074e769e1d84091ca2e8fafca371c2309c&mpshare=1&scene=1&srcid=1108IvCsHI74EdaV4iTcQEiu&pass_ticket=3ITnF6r7x99s%2FA7oyhkhMkfDrQl13jY5XQxDgHYT7lDT5fJuAJo2I8byDhO7ehHo#rd
14. Data Theorem researchers' presentation at Microsoft BlueHat 2017 on SSL hijacking on mobile platforms
https://datatheorem.github.io/documents/bluehat-2017.pdf
15. How STACKLEAK improves Linux kernel security
https://it-events.com/system/attachments/files/000/001/376/original/Alexander_Popov_LinuxPiter2017.pdf
16. VUSEC's Nucleus is being ported into the Binary Ninja binary analysis framework; for the function detection method it uses on binaries, see the paper "Compiler-Agnostic Function Detection in Binaries"
https://www.vusec.net/2017/11/nucleus-picked-binary-ninja/
17. Reconstructing ROCA
https://blog.cr.yp.to/20171105-infineon.html
18. Building a neural network that detects malware from raw byte sequences
https://arxiv.org/abs/1710.09435
19. iOS vs. Android: physical data extraction and data protection compared:
https://blog.elcomsoft.com/2017/10/ios-vs-android-physical-data-extraction-and-data-protection-compared/
Tool
1. ARM exploitation for IoT - debugging ARM exploits with GEF, an enhanced GDB
https://quequero.org/2017/11/arm-exploitation-iot-episode-3/
2. FAME: Friendly Malware Analysis Framework
https://www.virusbulletin.com/blog/2017/11/paper-fame-friendly-malware-analysis-framework/
https://certsocietegenerale.github.io/fame/
3. fridump: a Frida-based general-purpose memory dump tool
http://pentestcorner.com/introduction-to-fridump/
https://github.com/Nightbringer21/fridump
Android examples:
http://pentestcorner.com/fridump-android-examples/
iOS examples:
http://pentestcorner.com/fridump-ios-examples/
4. Trape is a recognition tool that allows you to track people; the information you can get is very detailed.
https://github.com/boxug/trape
5. Ti_Collector: collects publicly available threat intelligence from the internet, focusing mainly on reputation-type intelligence (such as IPs and domains) as well as event-type intelligence
https://github.com/scu-igroup/Ti_Collector
6. LIEF - QuarksLab's open-source cross-platform library for parsing, modifying and abstracting executable file formats (PE/ELF/MachO)
https://github.com/lief-project/LIEF
https://blog.quarkslab.com/have-fun-with-lief-and-executable-formats.html
Vulnerability
1. Android security bulletin for November
https://source.android.com/security/bulletin/2017-11-01
2. Vulnerability finders now all want to name their bugs. In this blog post the author presents six previously unnamed kernel vulnerabilities affecting Android and some router devices, and says: "Please Stop Naming Vulnerabilities" (CVE-2017-11013/CVE-2017-9714/CVE-2017-11014/CVE-2017-11015/)
https://pleasestopnamingvulnerabilities.com/
3. Another paper on Rowhammer attack techniques, "Another Flip in the Wall of Rowhammer Defenses", in which the authors propose a new technique, one-location hammering, that no longer depends on the strict conditions previously required to trigger the Rowhammer bug:
https://github.com/IAIK/flipfloyd
https://arxiv.org/abs/1710.00551
4. kernelpop - a Linux kernel privilege-escalation vulnerability enumeration and exploitation framework:
http://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html
https://github.com/spencerdodd/kernelpop
5. Designing New Operating Primitives to Improve Fuzzing Performance
https://acmccs.github.io/papers/p2313-xuA.pdf
6. afl-unicorn - integrates Unicorn's emulation capability into AFL fuzzing to fuzz binary code without source:
https://medium.com/@njvoss299/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf
7. Analysis and exploitation of the Linux kernel waitid system call local privilege escalation vulnerability (CVE-2017-5123):
http://www.freebuf.com/vuls/152412.html
https://reverse.put.as/2017/11/07/exploiting-cve-2017-5123/