r0ysue / OSG-TranslationTeam

看雪iOS安全小组的翻译团队作品集合,如有勘误,欢迎斧正!

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

OSG-macOS/iOS Security Group Translation Team

看雪iOS安全小组的翻译团队作品合集,如有勘误/瑕疵/拗口/偏颇,欢迎斧正!

看雪iOS安全小组置顶向导资源集合贴: [逆向][调试][漏洞][越狱]:http://bbs.pediy.com/showthread.php?t=212685

翻译团队

维护by:yaren (看雪ID:西海)


编号 文章 来源网址 翻译 得票
1 MacOS and iOS Internals, Volume III: Security & Insecurity http:// newosxbook.com /files/moxii3 /AppendixA.pdf rodster@ccav10.cn(727542262) everettjf@live.com(276751551)
2 Analysis and exploitation of Pegasus kernel vulnerabilities (CVE-2016-4655 / CVE-2016-4656) http://jndok.github.io/2016/10/04/pegasus-writeup/ rodster@ccav10.cn(727542262)
3 海马iOS应用商店助手各种恶意行为的研究 Helper for Haima iOS App Store Adds More Malicious Behavior http://blog.trendmicro.com/trendlabs-security-intelligence/helper-haima-malicious-behavior/ rodster@ccav10.cn(727542262)
4 未越狱状态下的iOS插桩:iOS instrumentation without jailbreak https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/ rodster@ccav10.cn(727542262)
5 iOS软件在运行时究竟做了什么:Introspy-iOS https://github.com/integrity-sa/Introspy-iOS try_fly:247498009
6 当我们在移动文件时,发生了什么?MacOS File Movements https://forensic4cast.com/2016/10/macos-file-movements/ 舜生Ree:2035153354
7 macOS Chrome密码破解 Decrypting Google Chrome Passwords on macOS / OS X http://bufferovernoah.com/2016/10/17/chrome/ free:249099804
8 CVE-2016-6187: Exploiting Linux kernel heap off-by-one by Vitaly Nikolenko https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit rodster@ccav10.cn(727542262)
9 LINUX SRP OVERWRITE AND ROP http://buffered.io/posts/linux-srp-overwrite-and-rop/ 布兜儿:527626504
10 基于python的开源LLDB前端GUI Voltron简介 https://github.com/snare/voltron 拟人:75345771
11 基于 Frida 框架的 Objective-C 插桩方法 Objective-C Instrumentation with Frida https://rotlogix.com/2016/03/20/objective-c-instrumentation-with-frida/ lockdown:527850864
12 FRIDA框架简介:Welcome introduction、quickstart guide、installation、basic usage http://www.frida.re/docs/home/ lockdown:527850864
13 FRIDA框架简介:Modes ofoperation、Functions、Messages、iOS、Android http://www.frida.re/docs/home/ lockdown:527850864
14 FRIDA框架推出8.1 released http://www.frida.re/news/2016/10/25/frida-8-1-released/ lockdown:527850864
15 OS X蓝牙IO系统UAF漏洞分析 OS X kernel use-after-free in IOBluetoothFamily.kext https://bugs.chromium.org/p/project-zero/issues/detail?id=830 附上Exploit:https://www.exploit-db.com/exploits/40652/ 布兜儿:527626504
16 OS X/iOS磁盘镜像子系统UAF漏洞分析 OS X/iOS kernel use-after-free in IOHDIXController https://bugs.chromium.org/p/project-zero/issues/detail?id=832 布兜儿:527626504
17 OS X内核存储UAF漏洞分析 OS X kernel use-after-free in CoreStorage https://bugs.chromium.org/p/project-zero/issues/detail?id=833 布兜儿:527626504
18 OS X内核雷电IO系统UAF漏洞 OS X kernel use-after-free in IOThunderboltFamily https://bugs.chromium.org/p/project-zero/issues/detail?id=834 布兜儿:527626504
19 OS X/iOS图像共享IO的UAF漏洞分析 OS X/iOS kernel use-after-free in IOSurface https://bugs.chromium.org/p/project-zero/issues/detail?id=831 布兜儿:527626504
20 task_t指针重大风险预报 task_t considered harmful https://googleprojectzero.blogspot.kr/2016/10/taskt-considered-harmful.html 看雪翻译小组
21 task_t指针重大风险预报——PoC task_t considered harmful - many XNU EoPs https://bugs.chromium.org/p/project-zero/issues/detail?id=837 看雪翻译小组
22 IOKit被动Fuzz框架 PassiveFuzzFrameworkOSX https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX 看雪翻译小组
23 launchd中虚拟磁盘挂载尺寸分配问题导致UAF Controlled vm_deallocate size can lead to UaF in launchd https://bugs.chromium.org/p/project-zero/issues/detail?id=896 看雪翻译小组
24 launchd中消息队列逻辑问题导致内核message控制 Logic issue in launchd message requeuing allows arbitrary mach message control https://bugs.chromium.org/p/project-zero/issues/detail?id=893 看雪翻译小组
25 OSX/iOS中的内存端口注册中的内存安全问题 OS X/iOS multiple memory safety issues in mach_ports_register https://bugs.chromium.org/p/project-zero/issues/detail?id=882 看雪翻译小组
26 趋势科技研究员今年 7 月份在 HITCON 2016 会议的演讲《(P)FACE Into the Apple Core and Exploit to Root》 http://hitcon.org/2016/CMT/slide/day1-r2-c-1.pdf 看雪翻译小组
27 通过 OS X 的邮件规则实现持久控制 Using email for persistence on OS X https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/ 布兜
28 通过 IO Kit 驱动走进 Ring-0︰Strolling into Ring-0 via IO Kit Drivers https://ruxcon.org.au/assets/2016/slides/RuxCon_Wardle.pdf 18
29 Nginx 搭建同时启用多个工具的 HTTP 代理环境,支持多个用户 https://www.swordshield.com/2016/10/multi-tool-multi-user-http-proxy/ 5
30 提高iOS的健壮性及抗Fuzz技术 https://ruxcon.org.au/assets/2016/slides/Make_iOS_App_more_Robust_and_Security_through_Fuzzing-1476442078.pdf 9
31 iOS的WebView自动拨号的bug iOS WebView auto dialer bug https://www.mulliner.org/blog/blosxom.cgi/security/ios_webview_auto_dialer.html
32 iOS.GuiInject广告木马库分析 Analysis of iOS.GuiInject Adware Library https://sentinelone.com/blogs/analysis-ios-guiinject-adware-library/ 4
33 iOS软件安全全局方法论 iOS Application Security Review Methodology http://research.aurainfosec.io/ios-application-security-review-methodology/ 6
34 解码苹果上所有的Tokens decrypts/extracts all authorization tokens on macOS / OS X / OSX https://github.com/manwhoami/MMeTokenDecrypt
35 Lookout发布的iOS三叉戟漏洞的详细技术分析 Technical Analysis of the Pegasus Exploits on iOS https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf
36 攻击safari的JS引擎CVE-2016-4622详细分析 http://phrack.org/papers/attacking_javascript_engines.html
37 Mac平台上的广告蠕虫一览 https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2016/11/an-overview-of-malvertising-on-the-mac/
38 Mac 用户想防止被查水表? https://github.com/drduh/macOS-Security-and-Privacy-Guide
39 Mac 上恶意软件的总览 https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2016/11/an-overview-of-malvertising-on-the-mac/
40 阻止 iCloud 日历上的垃圾邮件邀请 http://t.cn/RfjMbGy https://t.co/qOHXUYS6J3 https://t.co/PYGq7gNT4V
41 绕过苹果系统的完整性保护 Bypassing Apple's System Integrity Protection https://objective-see.com/blog/blog_0x14.html
42 在二进制代码中通过静态分析的方法检测 UAF 漏洞 https://t.co/ulcgwGkRI7
43 趋势科技的一篇 Blog,谈利用 Dirty Cow 漏洞攻击 Android http://blog.trendmicro.com/trendlabs-security-intelligence/new-flavor-dirty-cow-attack-discovered-patched/
44 以福昕阅读器为例实现高性能Fuzz Applied high-speed in-process fuzzing: the case of Foxit Reader https://t.co/6MwdamAHJ4
45 ARM汇编语言极速入门part 1~5 https://azeria-labs.com/writing-arm-assembly-part-1/
46 苹果FSEvent深层文件系统调用记录取证 http://nicoleibrahim.com/apple-fsevents-forensics/
47 二进制grep工具、还能高亮! https://github.com/m4b/bingrep/
48 MacRansom,Mac上的勒索软件分析(带反调试、反虚拟机) https://objective-see.com/blog/blog_0x1E.html
49 IDA反汇编的一些小技巧 https://qmemcpy.github.io/post/ida-series-1-hex-rays
50 macOS 10.12.2本地提权以及XNU port堆风水by蒸米大神:【https://jaq.alibaba.com/community/art/show?articleid=781 提权的exp源码也可以在我的github下载到:【https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher】 https://jaq.alibaba.com/community/art/show?articleid=781
51 反病毒Yara规则生成器、病毒特征提取工具 https://github.com/Neo23x0/yarGen
52 10.2.1上重打包iOS应用的方法 http://www.vantagepoint.sg/blog/85-patching-and-re-signing-ios-apps
53 iOS 10.3.1 Wifi芯片漏洞详解——by Project Zero Beniamini https://googleprojectzero.blogspot.jp/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html
54 从iOS程序运行时的堆中提取敏感信息 https://blog.netspi.com/ios-tutorial-dumping-the-application-heap-from-memory/
55 如何在 macOS 上安装 Powershell 6.0 http://www.techrepublic.com/article/how-to-install-microsoft-powershell-6-0-on-macos/
56 Google ssl_logger - 可以解密并记录进程的SSL流量 https://github.com/google/ssl_logger
57 ian beer 亲自讲解iOS 10越狱用的mach portal的教程 上 https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf
58 ian beer 亲自讲解iOS 10越狱用的mach portal的教程 中 https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf
59 ian beer 亲自讲解iOS 10越狱用的mach portal的教程 下 https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf
60 iOS 9 开始引入的内核完整性保护(KPP)功能是如何实现的 https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html
61 支持macOS!-"leviathan - 大型安全审计工具包,支持大范围的服务探测、暴力破解、SQL注入检测以及运行自定义漏洞利用模块 https://github.com/leviathan-framework/leviathan
62 [CODE REVIEW]TWEAK系列-respring之后弹自定义消息-PopUpOnStart https://github.com/LacertosusRepo/Open-Source-Tweaks
63 [CODE REVIEW]TWEAK系列-给调音量增加震动反馈-Volbrate https://github.com/LacertosusRepo/Open-Source-Tweaks
64 [CODE REVIEW]TWEAK系列-给控制中心增加震动反馈-HaptikCenter https://github.com/LacertosusRepo/Open-Source-Tweaks
65 [CODE REVIEW]TWEAK系列-每次respring之后给你播放一段音乐-SoundSpring https://github.com/LacertosusRepo/Open-Source-Tweaks
66 一个函数,两个bug part.1 https://www.synack.com/2017/03/27/two-bugs-one-func/
67 一个函数,两个bug(含poc) part.2 https://www.synack.com/2017/04/07/two-bugs-one-func-p2/ POC地址: https://pastebin.com/87fHLMQq
68 APFS苹果文件系统逆向初探 https://blog.cugu.eu/post/apfs/
69 Safari Browser Array.concat 方法中越界的内存拷贝可导致内存破坏(CVE-2017-2464 https://bugs.chromium.org/p/project-zero/issues/detail?id=1095
70 在 HITB AMS 2017 会议上,独立安全研究员 malerisch 分享了他是如何在趋势科技产品中挖掘到 200 个 CVE 的 http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html
71 昨天他又写了一篇 Blog 介绍了一个新发现的趋势科技 TDA 产品 Session 生成认证机制绕过的漏洞 http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1 - Steven Seeley and Roberto Suggi Liverani - I Got 99 Trends and a # Is All Of Them.pdf"
72 【Frida系列】Frida的基本功能 http://2015.zeronights.org/assets/files/23-Ravnas.pdf
73 【Frida系列】通过案例入门Frida - learn by example http://www.ninoishere.com/frida-learn-by-example/
74 【Frida系列】逆向iOS过程中一些有用的Frida脚本 some useful frida script for iOS Reversing https://github.com/as0ler/frida-scripts
75 安卓下的对Frida的检测方法(问:如何移植到iOS) http://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida
76 Pwn2Own 2017 Samuel Groß 攻击 Safari 所使用的 WebKit JSC::CachedCall UAF 漏洞的分析(CVE-2017-2491)(第一篇) https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf
77 Fox-IT 的研究员发现 Snake 恶意软件框架首次出现了攻击 MacOS 操作系统的版本 https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ Github: https://github.com/Neo23x0/signature-base/blob/master/yara/apt_snaketurla_osx.yar
78 Mobile Pwn2Own 2012 -WebKit Array.sort() UAF 漏洞的分析和利用(CVE-2012-3748)(一) https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html
79 Mobile Pwn2Own 2012 -WebKit Array.sort() UAF 漏洞的分析和利用(CVE-2012-3748)(二) https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html
80 Mobile Pwn2Own 2012 -WebKit Array.sort() UAF 漏洞的分析和利用(CVE-2012-3748)(三) https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html
81 用fuzzing来高速挖洞_High_Speed_Bug_Discovery_with_Fuzzing
82 无痛入门Linux用户态堆和堆风水 https://sensepost.com/blog/2017/painless-intro-to-the-linux-userland-heap//
83 Flanker:CVE-2017–2448, 绕过OTR签名校验iCloud钥匙串秘密窃取 https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
84 Fuzz 工具 OSS-Fuzz 开源的 5 个月中,被用于测试了 47 个开源项目,发现了超过 1000 个 Bug(264 个潜在漏洞) https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
85 Project Zero 研究员 Felix 总结的 iOS APP 层面的常见漏洞案例 https://github.com/felixgr/secure-ios-app-dev
86 CIA那个用NSUnarchiver过沙盒的0day被beer挖出来了,还随手挖了修了一堆 IPC 过沙盒的洞 https://bugs.chromium.org/p/project-zero/issues/detail?id=1168&can=1&q=owner%3Aianbeer%20modified-after%3A2017%2F5%2F22
87 近期几款色情 App 开始大量在 Android 和 iOS 平台上传播,他们甚至找到了上架 Apple App Store 的方式 http://blog.trendmicro.com/trendlabs-security-intelligence/pua-operation-spreads-thousands-explicit-apps-wild-legitimate-app-stores/
88 两款用来破解 MacOS Keychain 的工具: KeychainCracker,chainbreaker KeychainCracker: https://github.com/macmade/KeychainCracker chainbreaker: https://github.com/n0fate/chainbreaker
89 joker:使用joker抽取iOS 11的kernelcache http://newosxbook.com/tools/joker.html
90 “捡到一个亿”系列:盘古Janus原型:云舒幻盾原型:伸缩性规模化分布式全自动蠕虫木马代码定位检测系统暨入侵预警与防御系统原型机白皮书 http://lockheedmartin.com/content/dam/lockheed/data/isgs/documents/LaikaBOSS%20Whitepaper.pdf Github地址:https://github.com/lmco/laikaboss
91 安全从业者的瑞士军刀——样本模块匹配搜索引擎 https://virustotal.github.io/yara/
92 libimobiledevice,用来操纵iOS设备的跨平台本地协议库和工具库 http://www.libimobiledevice.org/
93 【大数据】工具分享:全自动YARA规则生成器:如何从病毒木马大数据样本中批量提取字符串指纹 https://github.com/Neo23x0/yarGen 范例:https://www.bsk-consulting.de/2015/02/16/write-simple-sound-yara-rules/https://www.bsk-consulting.de/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/、https://www.bsk-consulting.de/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/
94 macOS内核调试指南:Introduction to macOS Kernel Debugging http://lightbulbone.com/2016/10/04/intro-to-macos-kernel-debugging.html
95 逆向macOS内核扩展模块“DSMOS”:Reversing a macOS Kernel Extension http://lightbulbone.com/2016/10/11/dsmos-kext.html
96 栈反转技术简介和示例:Stack Pivoting http://neilscomputerblog.blogspot.tw/2012/06/stack-pivoting.html
97 APT团队海莲花出新品啦——全新设计的高级macOS后门软体套件!The New and Improved macOS Backdoor from OceanLotus https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/
98 如何在 macOS 中监控指定应用的 HTTPS 流量 Monitoring HTTPS Traffic of a Single App on OSX/
99 macOS软件沙盒工具,监控所有文件和进程 filewatcher-a simple auditing utility for macOS/
100 谷歌推出的ssl流量记录器:解密并且记录进程的所有SSL流量信息 ssl_logger_byGoogle_Github
101 iOS_App二进制文件逆向指南 ObjC篇:Reading iOS app binary files
Swift篇:Reading iOS app binary files. Part 2: Swift
102 【Frida系列】Frida全局方法论和入门实例 Unlocking secrets of proprietary software using Frida备用链接
103 macOS和iOS的位置信息数据库dump下来 Dump the contents of the location database files on iOS and macOS.
104 【Frida系列】使用Frida从TeamViewer的内存中提取出密码 Extract password from TeamViewer memory using Frida
105 【IDA系列】IDA 6.95最新进展:使用UTF-8从头开始构建并支持iOS源码级调试及直接调试dyld_shared_cache中的dylib News about the x64 edition
106 【iOS内核漏洞讲解系列】树人哥讲解影响iOS5、6、7、8三年之久的setattrlist()漏洞 setattrlist() iOS Kernel Vulnerability Explained
107 【IDA系列】IDA Pro 6.8 for mac破解版上手指南 文件在雪花群群文件里下载
108 【IDA系列】IDA伴侣——FRIEND Flexible Register/Instruction Extender aNd Documentation
109 【IDA系列】使用IDA Python插件加速分析集成系统固件镜像 the life-changing magic of ida python embedded device edition
IDAPython Embedded Toolkit
110 【iOS App安全】App逆向研究的方法 RECON-BRX-2017-Analysing_ios_Apps
111 【radare2系列】给r2加上可视化支持 Bubble Struggle - Call Graph Visualization with Radare2
112 【IDA系列】导出IDA的调试信息 Exporting IDA Debug Information - Adam Schwalm
113 开源的macOS系统进程信息查看工具 Proc Info is a open-source, user-mode, library for macOS
114 【Git进阶】Git天梯图 Git Cheat Sheet: Useful Commands, Tips and Tricks
115 从keychain为犯罪者进行“画像” Breaking into the iCloud Keychain
116 macOS High Sierra的'Secure Kernel Extension Loading'瓦特了 High Sierra's 'Secure Kernel Extension Loading' is Broken
117 “盲”逆向:iOS 应用 Blind 寻踪 "BLIND" Reversing - A Look At The Blind iOS App https://paper.seebug.org/440/
118 给iOS添加根证书太简单了! Too Easy – Adding Root CA’s to iOS Devices
119 在10.12 macOS Sierra上编译XNU内核 Building the XNU kernel on Mac OS X Sierra (10.12.X)
120 一步一步编译iOS的内核——arm64版本的XNU steps to build arm64 version of xnu-4570.1.46
121 CVE-2017-5123爆破指南writeup Exploiting CVE-2017-5123 视频地址
122 为什么root和空密码可以进系统? Why Gets You Root
123 iOS11安全与隐私保护完整指南 iOS 11: A Complete Guide to iOS Security and Privacy](https://www.intego.com/mac-security-blog/ios-11-a-complete-guide-to-ios-security-and-privacy/)
124 【IDA插件体验】IDALazy! Make your IDA Lazy!
125 【IDA插件体验】IDA代码覆盖率测试工具 Lighthouse - Code Coverage Explorer for IDA Pro

About

看雪iOS安全小组的翻译团队作品集合,如有勘误,欢迎斧正!