Vulnerability Exploitation and Defense: Attack Surface Research Resource Compilation
PS: The material comes from Tencent Xuanwu Lab's daily security news digest (每日安全动态推送). My own work was to categorize and organize part of it, since I will need this content for later research on vulnerability mitigation. Copyright belongs to Tencent Xuanwu Lab; it will be removed on request.
Attack side:
1.
[ Exploit ] Privilege Escalation: Manual privilege escalation techniques on Unix and Windows - https://t.co/RDZ5DlHH7w #Hacking #Pentesting #PrivEsc
" A summary of local privilege escalation techniques on Unix and Windows systems: http://t.cn/R6C2FLB "
2.
[ Windows ] Our #BlueHatIL Slides "Device Guard Attack Surface, Bypasses, and Mitigations " https://1drv.ms/b/s!AjtdNPlVeOS5hTrAHJchDzh7HKsx @ mattifestation @ subTee
" Casey Smith's (@subTee, with @mattifestation) BlueHatIL talk "Device Guard Attack Surface, Bypasses, and Mitigations": https://t.co/H1e4AWgjY6 "
3.
[ Windows ] EXD: An attack surface for Microsoft Office | Fortinet Blog http://ow.ly/10g8Vx
"EXD files: an attack surface for Microsoft Office, from the Fortinet Blog: https://t.co/R7kjDxansc"
4.
[ Browser ] @ MarkYason on WinRT PDF: "WinRT PDF: A Potential Route for Attacking Edge"
"WinRT PDF is a new attack surface for the Edge browser. WinRT PDF is the library Edge uses to render PDF files; it first appeared in Windows 8: https://t.co/GNUuNSQNS5
The author of this post, Mark Yason, also gave a related talk at RSA 2016 this week, "Understanding the Attack Surface and Attack Resilience of EdgeHTML": http://www.rsaconference.com/writable/presentations/file_upload/hta-w04-understanding-the-attack-surface-and-attack-resilience-of-edgehtml.pdf "
5.
[ Browser ] Nice! Mozilla ships its first Rust code in Firefox. Media parsers have been a large attack surface for browsers. Shipping Rust in Firefox
" Starting with Firefox 48, Mozilla will ship Rust components on all desktop platforms; among them, the MP4 parser will be implemented in Rust: https://t.co/WLToS14wUA"
6.
[ Browser ] Slowly, but surely reducing Chromium attack surface: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lyuWXZ_1kXo. Thanks @ meacer!
"The Blink (Chromium) project is going to block opening view-source: URLs via an HTML tag (the tag name is missing from the source), window.open and window.location; from the blink-dev mailing list: https://t.co/P1ygXO13n9 "
7.
[ Windows ] Analysis of the Attack Surface of Windows 10 Virtualization-Based Security : https://www.blackhat.com/docs/us-16/materials/us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security.pdf (Slides) #BlackHat2016
" Attack surface analysis of Windows 10 Virtualization-Based Security, from BlackHat 2016. Slides: https://t.co/8DLuSWe22u Paper: https://www.blackhat.com/docs/us-16/materials/us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security-wp.pdf "
8.
[ Windows ] Windows Metafiles: An Analysis of the EMF Attack Surface & Recent Vulnerabilities : http://www.slideshare.net/PacSecJP/jurczyk-windows-metafilepacsecv2 (Slides) cc @ j00ru
"Windows Metafiles: an analysis of the EMF attack surface and recent vulnerabilities, from the PacSec conference: https://t.co/gQm5YjT4q0 "
9.
[ Fuzzing ] DIG INTO THE ATTACK SURFACE OF PDF AND GAIN 100+ CVES IN 1 YEAR, a BlackHat Asia talk by Ke Liu of Xuanwu Lab, sharing his experience hunting PDF file-format vulnerabilities, including how to find attack surfaces and some fuzzing tips:
10.
[ Windows ] pgboy1988 has published the slides of his CanSecWest 2017 talk on the win32k Composition attack surface, together with PoCs for two vulnerabilities: progmboy/cansecwest2017
11.
[ Windows ] Check details how I exploit a win32k vulnerability for EoP in Pwn2Own 2016. https://twitter.com/zer0mem/status/791522523003228160
" The win32k attack surface and how its vulnerabilities were exploited to escape the Edge sandbox at Pwn2Own 2016, shared by a Keen Lab researcher in "Rainbow Over the Windows: More Colors Than You Could Expect": https://t.co/UYndiEXj0T http://www.slideshare.net/PeterHlavaty/rainbow-over-the-windows-more-colors-than-you-could-expect "
Defense side:
1.
[ Mitigation ] ROP CFI RAP XNR CPI WTF? – Navigating the Exploit Mitigation Jungle (@f0rki) - https://t.co/NCarLKtGf4 #BSidesLjubljana #video
" A BSides talk summarizing exploit mitigations such as ASLR and CFI: ROP CFI RAP XNR CPI WTF? - Navigating the Exploit Mitigation Jungle (Michael Rodler) - Security BSidesLjubljana 0x7E1 "
2.
[ Browser ] Understanding EdgeHTML's Attack Surface and Exploit Mitigations by @ MarkYason - Understanding EdgeHTML's Attack Surface and Exploit Mitigations
"EdgeHTML's attack surface and exploit mitigations: https://t.co/lZ0QmfOcud"
3.
[ Browser ] Great attack surface reduction for the Microsoft Edge sandbox in the upcoming Creators Update https://twitter.com/MSEdgeDev/status/844957192818110464
"Microsoft has published a new blog post on the defensive improvements made to the Edge sandbox in the upcoming Windows 10 Creators Update: Strengthening the Microsoft Edge Sandbox "
4.
[ Windows ] #PacSec decks are up! Go check @j00ru's crazy 150 slides on Windows Metafiles and the EMF attack surface... https://t.co/QWMJiJ7PKc
"Windows Metafile: the speaker analyzes the EMF attack surface along with some recent vulnerabilities, from PacSec 2016 (slides): https://t.co/QWMJiJ7PKc The speaker also shared his other talks from this year: Slides about my Windows Metafile research (Ruxcon, PacSec) and fuzzing (Black Hat EU) now public."
5.
[ Windows ] WINDOWS 10 MITIGATION IMPROVEMENTS: https://www.blackhat.com/docs/us-16/materials/us-16-Weston-Windows-10-Mitigation-Improvements.pdf
"Improvements to exploit mitigations in Windows 10, from a Microsoft researcher's BlackHat talk: https://t.co/8h4Ju7T5tM Besides the talks, BlackHat also has an Arsenal section, where many of the tools are worth a look: Black Hat USA 2016 "
Recommended reading: