Android Security Technology Weekly Report 11.24 - 11.30
Malware
1. Kaspersky's investigation report on Android commercial spyware
https://securelist.com/android-commercial-spyware/83098/
2. Technical analysis of a fake WhatsApp
https://blog.zimperium.com/fake-whatsapp-real-malware-zlabs-discovered/
3. FinFisher: new attack techniques and infection vectors
https://www.virusbulletin.com/blog/2017/11/vb2017-video-finfisher-new-techniques-and-infection-vectors-revealed/
4. Tizi - a backdoor spyware app family recently discovered by Google that targets African countries; Tizi has root capability and is used specifically to steal sensitive information from users' social media apps
https://security.googleblog.com/2017/11/tizi-detecting-and-blocking-socially.html
5. An AI engine helps expose the people behind the EvilJS "hider" family, a million-scale underground operation
http://www.freebuf.com/articles/network/154966.html
6. Android malware disguised as porn apps attacks Chinese users
https://www.symantec.com/blogs/threat-intelligence/android-malware-porn-apps-chinese
7. 2017 special research report on mobile Internet ransomware
http://www.freebuf.com/articles/paper/154956.html
8. McAfee Labs threat predictions for 2018
https://securingtomorrow.mcafee.com/mcafee-labs/2018-threats-predictions/
Tech
1. 99% accuracy! Deep-learning-based detection of binary malware samples
https://mp.weixin.qq.com/s/Bw8QuhSDDImgFWSO2-xUZQ
2. A survey on evasion and counter-evasion techniques in automated dynamic malware analysis
https://github.com/bulaza/Publications/blob/master/ROOTS2017/A%20Survey%20On%20Automated%20Dynamic%20Malware%20Analysis%20Evasion%20and%20Counter-Evasion.pdf
3. ROPEmporium: Pivot 32-bit CTF Walkthrough With Radare2
http://radiofreerobotron.net/blog/2017/11/23/ropemporium-pivot-ctf-walkthrough/
4. How to use netcat to transfer an image of the Android file system directly to a local machine
https://infosecaddicts.com/netcat-transferring-android-file-system/
5. Analysis of the MobSF framework and its source code
http://www.mottoin.com/96841.html
6. Talk recordings from the RECon 2017 conference
https://recon.cx/2017/montreal/recordings/
7. H2HC 2017 Slides/Materials/Presentations
https://github.com/h2hconference/2017
8. Using Frida's new Arm64Writer API to build an in-memory reverse TCP shell
https://versprite.com/og/frida-engage-part2/index.html
9. Credential management in mobile apps and web browsers
https://www.nccgroup.trust/uk/our-research/mobile-and-web-browser-credential-management-security-implications-attack-cases-and-mitigations/
10. Reverse engineering the Furby Connect app
https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect
11. exploit-database-papers - Exploit Databases Papers
https://github.com/offensive-security/exploit-database-papers
12. How to build a portable Linux binary
http://blog.gibson.sh/2017/11/26/creating-portable-linux-binaries/
13. Recognizing login CAPTCHAs with an SVM model:
https://manning23.github.io/2015/04/30/%E5%9F%BA%E4%BA%8ESVM%E6%A8%A1%E5%9E%8B%E8%AF%86%E5%88%AB%E7%99%BB%E5%BD%95%E9%AA%8C%E8%AF%81%E7%A0%81/
14. awesome-ml-for-cybersecurity - a curated collection of machine learning resources for cybersecurity
https://github.com/Biprodeep/awesome-ml-for-cybersecurity
15. Virtual machine techniques for anti-reverse-engineering
https://www.youtube.com/watch?v=ZUXP9ZbPv9s&ab_channel=GynvaelEN
16. Security's need for artificial intelligence: from machine learning to machine creation
https://www.anquanke.com/post/id/87580
17. Abstract interpretation of binary code with memory accesses using polyhedra
https://arxiv.org/pdf/1711.07257.pdf
18. PartiSan: Fast and Flexible Sanitization via Run-time Partitioning
https://arxiv.org/pdf/1711.08108.pdf
19. How cybercriminals can abuse chat platform APIs as C&C infrastructure:
https://documents.trendmicro.com/assets/wp/wp-how-cybercriminals-can-abuse-chat-platform-apis-as-cnc-infrastructures.pdf
Tool
1. A radare2 plugin for decoding Scapy packets
https://github.com/guedou/r2scapy/blob/master/README.md
2. DAS MALWERK collects executable malware from all kinds of shady places on the internet.
http://dasmalwerk.eu/
3. linux-explorer - a toolbox for Linux live forensics
https://github.com/intezer/linux-explorer
4. A free, simple and efficient online pcap analysis platform
https://packettotal.com/
5. r4ge - a radare2 plugin that performs symbolic execution through macros
https://github.com/gast04/r4ge
6. Search for IP address owners via ARIN
https://github.com/mr-un1k0d3r/searchipowner
Vulnerability
1. The art of exploiting UAF vulnerabilities in the Android kernel
https://speakerd.s3.amazonaws.com/presentations/024461bb048c4a12abe6fa28304ad54f/the_art_of_exploiting_uaf.pdf
2. A veteran's guide to bug bounty programs
https://blog.securitybreached.org/2017/11/25/guide-to-basic-recon-for-bugbounty/
3. Behind the PWN of a TrustZone. Executing code inside the TrustZone of an Android device
https://www.slideshare.net/GeekPwnKeen/nick-stephenshow-does-someone-unlock-your-phone-with-nose
4. Android Gmail attachment download directory traversal vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1342
https://cxsecurity.com/issue/WLB-2017110153
5. Huge Dirty COW - Incomplete Dirty COW: after analyzing the patch for the Linux kernel Dirty COW vulnerability (CVE-2016-5195), the Bindecy team found that the patched code still had a problem (CVE-2017-1000405)
https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
https://github.com/bindecy/HugeDirtyCowPOC
6. RamFuzz - fuzzing of C++ code that uses deep neural networks to automatically generate unit test cases
https://github.com/dekimir/RamFuzz/blob/master/sci/ramfuzz.md
7. How to test stack overflows in the Azeria Labs ARM reverse-engineering VM lab environment
https://azeria-labs.com/part-3-stack-overflow-challenges/
8. Analysis of the CVE-2015-3864 exploit (exploit_from_google)
https://jinyu00.github.io/2017/11/21/cve_2015_3864_google_exploit.html
9. Constructing and analyzing a Fastjson RCE PoC based on JdbcRowSetImpl
http://bobao.360.cn/learning/detail/4747.html
10. Egg hunting on Linux x64 systems (locating a long shellcode and executing it)
https://pentesterslife.blog/2017/11/24/x64-egg-hunting-in-linux-systems/
http://bobao.360.cn/learning/detail/4759.html
11. Java Key Store (JKS) format is weak and insecure (CVE-2017-10356)
http://www.floyd.ch/?p=1006
12. Linux kernel XFRM (Netlink socket subsystem) UAF privilege escalation vulnerability, with a PoC for Ubuntu 17.04
https://blogs.securiteam.com/index.php/archives/3535
http://bobao.360.cn/learning/detail/4762.html