SpiderLabs Radio for the Week of March 9, 2015

In this week's episode:

Dumping LSA Secrets on NT5 x64

The Bug: On the x64 version of Windows 2003 or XP (kernel 5.2), almost every tool fails to dump the ...

Microsoft Patch Tuesday, March 2015

March comes in like a lion this Microsoft Patch Tuesday with 14 bulletins including four rated ...

SpiderLabs Radio for the Week of March 2, 2015

In this week's episode:

SpiderLabs Radio for the Week of February 23, 2015

In this week's episode:

Attackers concealing malicious macros in XML files

XML files are harmless text files, right? Wrong! The group behind the malicious Microsoft Office ...

[Honeypot Alert] FHS Null Byte Attack (CVE-2014-6287) Attempts to Install DDoS Malware (Iptablex)

Our web honeypots picked up some exploit attempts for CVE-2014-6287 which is a command execution ...

RIG Exploit Kit – Diving Deeper into the Infrastructure

Following our previous blog post about the leaking of the RIG exploit kit's source code, we dug ...

SpiderLabs Radio for the Week of February 16, 2015

Unfortunately there will be no SpiderLabs Radio podcast this week. I've discovered it's very hard ...

AppDetectivePRO and DbProtect Knowledgebase Update 4.46

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

SpiderLabs Radio for the Week of February 9, 2015

In this week's episode:

TWSL2015-001 and TWSL2015-002: New Advisories Affect IceWarp Mail Server and Magnolia CMS

The SpiderLabs team at Trustwave published two new advisories today which detail issues discovered ...

RIG Exploit Kit Source Code Leak - The End or Just the Beginning of RIG?

Recently, source code for the RIG exploit kit was leaked. An independent security researcher posted ...

Announcing ModSecurity v2.9.0 Stable Release

The SpiderLabs Research - ModSecurity Team is proud to announce the stable release of version 2.9.0 ...

Microsoft Patch Tuesday, February 2015

Today marks Microsoft's February Patch Tuesday release and it's a pretty big one. This month's ...

Stealing RubyGems API Keys during Post Exploitation

Between April and May of 2013, I presented at SOURCE Boston and THOTCON and blogged about some of ...

Bamboo, Flexibility and Vulnerability Disclosure: Trustwave SpiderLabs’ Updated Guidelines

Trustwave is proud to announce an updated vulnerability disclosure policy. In the course of ...

The SpiderLabs blog will move to the Trustwave domain this week

In the coming days, the SpiderLabs blog will move in to its new home within the Trustwave domain.

A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild

Just yesterday Adobe announced a zero-day vulnerability in Adobe Flash Player version 16.0.0.296. ...

SpiderLabs Radio for the Week of January 26, 2015

In this week's episode:

GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

A heap-based buffer overflow vulnerability in glibc (CVE-2015-0235) was announced this week.

SpiderLabs Radio for the Week of January 19, 2015

In this week's episode:

A New Zero-Day of Adobe Flash is used by the Prevalent Angler Exploit Kit in the Wild

Just yesterday, security researcher Kafeine discovered a zero-day vulnerability in Adobe Flash ...

JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part III

This is the third in a three-part series about how to write a simple Ruby extension that helps deal ...

JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part II

This is the second post in a three-part series about how to write a simple Ruby extension that ...

JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part I

Burp Suite is one of my favorite tools when performing security assessments of web applications. ...

SpiderLabs Radio for the Week of January 12, 2015

In this week's episode we discuss Responsible Vulnerability Disclosure in the wake of Google's ...

Microsoft Patch Tuesday, January 2015

Happy New Year and welcome to the first Microsoft Patch Tuesday of 2015. This year's January ...
