SpiderLabs Radio for the Week of January 5, 2015
In this week's episode:
Read More
Deobfuscating Malicious Macros Using Python
Over the past few weeks, we've observed cybercriminals spamming users, particularly in the UK, ...
Read MoreNo Country For Old Vulnerabilities
Finding a common cross-site scripting vulnerability in Cisco's new IOS Software Checker Feature.
Read MoreBuilding my own personal password cracking box
Since 2003, I've spent a majority of my workdays hacking systems. I've collected tons of ...
Read More[Honeypot Alert] Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit Attempt
Our web honeypots picked up some exploit attempts for the recently released vulnerability in the WP ...
Read MoreSigned Ruby Gems: A c7decrypt walk-through
As someone who's responsible for a number of Ruby projects, both open-source and commercially ...
Read MoreAnnouncing Net::TNS for Ruby – A Gem for Connecting to Oracle Databases
For the security professional, working with Oracle Database can present some…challenges. Not least ...
Read MoreAlina POS malware 'sparks' off a new variant
Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of ...
Read MoreNew Device Module (DM) update for Trustwave SIEM 1.2.1 now available
Trustwave's most recent Device Module (DM), DM-22, is now available to customers in the TrustKeeper ...
Read MoreMicrosoft Patch Tuesday, December 2014
December's Microsoft Patch Tuesday is upon us and, hopefully, marks the last batch of bulletins for ...
Read MoreCVE-2014-3797: Reflected XSS Vulnerability in VMware Virtual Center Appliance (vCSA)
Trustwave SpiderLabs published an advisory today in conjunction with VMWare for a systemic ...
Read MoreMagnitude Exploit Kit Backend Infrastructure Insight - Part III
This is the fourth post in a four-part series about Magnitude (if you like, read the first, second, ...
Read MoreMicrosoft Advance Notification for December 2014
Microsoft will publish the last scheduled security release of the year on Tuesday, December 9th. ...
Read MoreSpiderLabs Radio for the week of November 24, 2014
SpiderLabs Radio is taking a hiatus this week to celebrate the Thanksgiving holiday. We give thanks ...
Read MoreModSecurity Advanced Topic of the Week: Detecting Malware with Fuzzy Hashing
We witnessed a sophisticated phishing campaign on 16th August 2017, targeting victims by sending ...
Read MoreMagnitude Exploit Kit Backend Infrastructure Insight - Part II
Welcome back to another edition of "exposing Magnitude exploit-kit internals"! As already mentioned ...
Read MoreMicrosoft Patch Tuesday, November 2014
Compared to previous Microsoft Patch Tuesday's, November's is a pretty big one clocking in at 14 ...
Read MoreMicrosoft Advance Notification for November 2014
This coming Tuesday, November 11, Microsoft will publish their next security update. With sixteen ...
Read MoreSmuggler - An interactive 802.11 wireless shell without the need for authentication or association
I've always been fascinated by wireless communications. The ability to launch seemingly invisible ...
Read MoreSetting HoneyTraps with ModSecurity: Adding Fake Cookies
This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...
Read MoreBitcoin Transaction Malleability Theory in Practice – Ruxcon Australia 2014
Two weeks ago we gave a talk at the Ruxcon 10 conference in Melbourne, Australia titled "Bitcoin ...
Read MoreReflected File Download - A New Web Attack Vector
PLEASE NOTE: As promised, I've published a full white paper that is now available for download: ...
Read More