3月3日-每日安全知识热点

1.XSS漏洞影响广告网络，顶级出版商，零售商受影响

http://randywestergren.com/widespread-xss-vulnerabilities-ad-network-code-affecting-top-tier-publishers-retailers/

2.使用burp进行java反序列化攻击 

https://blog.netspi.com/java-deserialization-attacks-burp/

3.1password通过loopback接口发送你的明文密码 

https://medium.com/@rosshosman/1password-sends-your-password-across-the-loopback-interface-in-clear-text-307cefca6389#.o72hqfeni

4.基于docker的openvas扫描集群，改善提高你的扩展性范围 

https://www.nopsec.com/blog/docker-based-openvas-scanning-cluster-improve-scope-scalability/

5.恶意欺诈软件加密wordpress站点 

http://infocoin.net/en/2016/03/02/ransomware-encrypts-wordpress-sites-and-holds-them-hostage/

6.在你的网络里使用Sysinternal sysmon跟踪黑客 

https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2575&ithint=file%2cpptx&app=PowerPoint&authkey=!AGFBok7JLkOZSgE

7.黑客破解POS终端的时候依赖一些弱口令 

http://www.theregister.co.uk/2016/03/02/password_scanning_honeypot_research/

8.cobalt strike的一些过去的培训课程 

http://blog.cobaltstrike.com/2016/03/02/a-history-of-cobalt-strike-in-training-courses/

9.如何破解一个白盒不需要太多的成本 

https://www.insinuator.net/2016/03/how-to-crack-a-white-box-without-much-effort/

10.bifrose(彩虹桥)木马开始支持Unix 

http://blog.trendmicro.com/trendlabs-security-intelligence/threat-actors-behind-shrouded-crossbow-creates-bifrose-for-unix