Hacking Online Coupons
We all shop online. How many times, just before placing an online order, have you noticed the ...
Read More
Microsoft Patch Tuesday, December 2018
The last Patch Tuesday of 2018 is here and we are easing into the New Year with only 40 CVEs to ...
Read MoreMagecart - An overview and defense mechanisms
Summary This blog post offers insight into Magecart and offers advice on how to protect your ...
Read MoreScavenger: Post-Exploitation Tool for Collecting Vital Data
‘Scavenger’ - definition [noun]: a person who searches for and collects discarded items.
Read MoreTaking Advantage of AJAX for Account Enumeration
Context AJAX stands for Asynchronous JavaScript And XML. It’s a set of web development techniques ...
Read MoreSheepl : Automating People for Red and Blue Tradecraft
Whilst there is a wealth of information out there about how to build environments that can be used ...
Read MoreExploring and Modifying Android and Java Applications for Security Research
Sometimes pentesters and security researchers need to modify existing Java application but have no ...
Read MoreDecoding Hancitor Malware with Suricata and Lua
Many types of malware send and receive data via HTTP. They may either be sending updates back to ...
Read MoreModSecurity v3.0.3: What To Expect
At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number ...
Read MoreMicrosoft Patch Tuesday, November 2018
The second to last Patch Tuesday of 2018 is here with patches for 55 CVEs. This includes 11 rated ...
Read MoreDemystifying Obfuscation Used in the Thanksgiving Spam Campaign
During Thanksgiving week, we noticed this quite unusual XML-format MS Office Document file:
Read MoreHacker's Wish Come True After Infecting Visitors of Make-A-Wish Website With Cryptojacking
After coming back from a vacation, the first thing to do is catch up with what happened while you ...
Read MoreDOH! DNS Over HTTPS Poses Possible Risks to Enterprises
Introduction David Middlehurst of Trustwave SpiderLabs presented at the first ever conference ...
Read More10 Years On – A Look Back at MS08-067
It has been ten years since the release of MS08-067. Unlike many of the other incidents over the ...
Read MoreUnderground Code of Honor – Part 1 of 3
"We are all honorable men here, we do not have to give each other assurances as if we were ...
Read MoreRed Alert v2.0: Misadventures in Reversing Android Bot Malware
(Analysis by Rodel Mendrez and Lloyd Macrohon)
Read MoreSingHealth Data Breach – An Analytical Perspective
Executive Summary On July 20th 2018, the Singapore authorities announced1 that Singapore's largest ...
Read MoreTWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall
The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability ...
Read MoreUnpatched Remote Code Execution in Reprise License Manager
During a recent penetration testing engagement, I came across a particularly interesting web ...
Read MoreWD My Cloud EX2 Serves Your Files to Anyone
Western Digital's My Cloud is a popular storage/backup device that lets users backup and store ...
Read MoreThe Underground Job Market – Part 2 of 3
"Leave your ego at the door every morning, and just do some truly great work. Few things will make ...
Read MoreMicrosoft Patch Tuesday, October 2018
October's Patch Tuesday is here and with it come patches for 49 CVEs and a "Defense in Depth" ...
Read MoreCredential Leak Flaws in Windows PureVPN Client
Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to ...
Read MoreCVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption
Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot ...
Read MorePatch Tuesday, September 2018
September's Patch Tuesday is here with patches for 61 CVEs and two roll up patches, one for ...
Read MoreDrupal Cache Poisoning SA-CORE-2018-005
(Analysis by Lena Frid, Bar Menachem and Victor Hora)
Read MoreFirework: Leveraging Microsoft Workspaces in a Penetration Test
Overview WCX files can be used to configure a Microsoft Workplace on a system with a couple of ...
Read More