SpiderLabs Blog

Hunting For Integer Overflows In Web Servers

March 01, 2024 Tom Neaves

Allow me to set the scene and start proceedings off with a definition of an integer overflow, ...

Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients

January 26, 2024 Tom Neaves

This is another one of those blog posts from me about how I independently carried out some security ...

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths

January 11, 2024 Tom Neaves

When I’m carrying out security research into a thing, I generally don’t like to Google prior ...

Hidden Data Exfiltration Using Time, Literally

October 17, 2023 Tom Neaves

I was looking at my watch last week and my attention was moved towards the seconds over at the ...

SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames

June 27, 2023 Tom Neaves

From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings

June 08, 2023 Tom Neaves

I've been pentesting applications for nearly two decades now and throughout that time you get to ...

Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining

May 30, 2023 Tom Neaves

As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all ...

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

May 23, 2023 Tom Neaves

For those wondering what GraphQL is…

When User Impersonation Features In Applications Go Bad

May 18, 2023 Tom Neaves

A user impersonation feature typically allows a privileged user, such as an administrator, but ...

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

May 16, 2023 Tom Neaves

I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. ...

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd

April 13, 2023 Tom Neaves

A little bit of background for those not familiar with chfn…

From Creative Password Hashes to Administrator: Gone in 60 Seconds (Or Thereabouts)

March 25, 2021 Tom Neaves

Picture the scene, you’re on an application penetration test (as a normal user) and you’ve managed ...

Reversing (and Recreating) Cryptographic Secrets Found in .NET Assemblies Using Python

February 04, 2020 Tom Neaves

Picture the scene - you’re on a penetration test, somehow you’ve got hold of a bunch of .NET ...

Experiencing a security breach?

Experiencing a security breach?

Why We Should Probably Stop Visually Verifying Checksums

Stay Informed

Hunting For Integer Overflows In Web Servers

Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths

Hidden Data Exfiltration Using Time, Literally

SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames

From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings

Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

When User Impersonation Features In Applications Go Bad

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd

From Creative Password Hashes to Administrator: Gone in 60 Seconds (Or Thereabouts)

Reversing (and Recreating) Cryptographic Secrets Found in .NET Assemblies Using Python

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from Trustwave.