Announcing ModSecurity v2.9.0 Stable Release

The SpiderLabs Research - ModSecurity Team is proud to announce the stable release of version 2.9.0 ...

Microsoft Patch Tuesday, February 2015

Today marks Microsoft's February Patch Tuesday release and it's a pretty big one. This month's ...

Stealing RubyGems API Keys during Post Exploitation

Between April and May of 2013, I presented at SOURCE Boston and THOTCON and blogged about some of ...

Bamboo, Flexibility and Vulnerability Disclosure: Trustwave SpiderLabs’ Updated Guidelines

Trustwave is proud to announce an updated vulnerability disclosure policy. In the course of ...

The SpiderLabs blog will move to the Trustwave domain this week

In the coming days, the SpiderLabs blog will move in to its new home within the Trustwave domain.

A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild

Just yesterday Adobe announced a zero-day vulnerability in Adobe Flash Player version 16.0.0.296. ...

SpiderLabs Radio for the Week of January 26, 2015

In this week's episode:

GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

A heap-based buffer overflow vulnerability in glibc (CVE-2015-0235) was announced this week.

SpiderLabs Radio for the Week of January 19, 2015

In this week's episode:

A New Zero-Day of Adobe Flash is used by the Prevalent Angler Exploit Kit in the Wild

Just yesterday, security researcher Kafeine discovered a zero-day vulnerability in Adobe Flash ...

JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part III

This is the third in a three-part series about how to write a simple Ruby extension that helps deal ...

JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part II

This is the second post in a three-part series about how to write a simple Ruby extension that ...

JSON Crypto Helper a Ruby-based Burp Extension for JSON Encryption/Decryption - Part I

Burp Suite is one of my favorite tools when performing security assessments of web applications. ...

SpiderLabs Radio for the Week of January 12, 2015

In this week's episode we discuss Responsible Vulnerability Disclosure in the wake of Google's ...

Microsoft Patch Tuesday, January 2015

Happy New Year and welcome to the first Microsoft Patch Tuesday of 2015. This year's January ...

SpiderLabs Radio for the Week of January 5, 2015

In this week's episode:

Deobfuscating Malicious Macros Using Python

Over the past few weeks, we've observed cybercriminals spamming users, particularly in the UK, ...

No Country For Old Vulnerabilities

Finding a common cross-site scripting vulnerability in Cisco's new IOS Software Checker Feature.

Building my own personal password cracking box

Since 2003, I've spent a majority of my workdays hacking systems. I've collected tons of ...

[Honeypot Alert] Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit Attempt

Our web honeypots picked up some exploit attempts for the recently released vulnerability in the WP ...

Signed Ruby Gems: A c7decrypt walk-through

As someone who's responsible for a number of Ruby projects, both open-source and commercially ...

Announcing Net::TNS for Ruby – A Gem for Connecting to Oracle Databases

For the security professional, working with Oracle Database can present some…challenges. Not least ...

Alina POS malware 'sparks' off a new variant

Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of ...

SpiderLabs Radio for the week of December 8, 2014

In this episode:

New Device Module (DM) update for Trustwave SIEM 1.2.1 now available

Trustwave's most recent Device Module (DM), DM-22, is now available to customers in the TrustKeeper ...

Microsoft Patch Tuesday, December 2014

December's Microsoft Patch Tuesday is upon us and, hopefully, marks the last batch of bulletins for ...

CVE-2014-3797: Reflected XSS Vulnerability in VMware Virtual Center Appliance (vCSA)

Trustwave SpiderLabs published an advisory today in conjunction with VMware for a systemic ...

Magnitude Exploit Kit Backend Infrastructure Insight - Part III

This is the fourth post in a four-part series about Magnitude (if you like, read the first, second, ...
