Bitcoin Transaction Malleability Theory in Practice – Blackhat USA 2014
***UPDATE: 10/17/2014
Read More
Monkey Patching the Matrix
For those of you not familiar with monkey patching, it's a mechanism to "extend or modify the ...
Read MoreMicrosoft Patch Tuesday, August 2014
August's Microsoft Patch Tuesday is upon us and Microsoft is issuing nine security bulletins, two ...
Read MoreMagnitude Exploit Kit Backend Infrastructure Insight - Part I
In our recently released Trustwave Global Security Report Online and previous Magnitude blog post, ...
Read MoreIt’s ALIVE: Trustwave Global Security Report Online Now Available
This morning we unveiled our reinvented Trustwave Global Security Report. It's a living report, ...
Read MoreA Peek Into the Lion's Den – The Magnitude [aka PopAds] Exploit Kit
Recently we managed to get an unusual peek into the content that is used on the servers of the ...
Read MoreBlackhat Arsenal 2014: Live ModSecurity Demonstrations
If you are heading out to Blackhat USA 2014 in Las Vegas this week, please stop by the Arsenal ...
Read MoreSpiderLabs Radio: July 31, 2014
Hello loyal listeners. I just wanted to let you know that this is not the podcast you were looking ...
Read MoreBackoff - Technical Analysis
As discussed in the an advisory published by US-CERT, Trustwave SpiderLabs has discovered a ...
Read More[Honeypot Alert] Wordpress XML-RPC Brute Force Scanning
There are news reports of new Wordpress XML-PRC brute force attacks being seen in the wild. The ...
Read MoreAbout Two Recently Patched IBM DB2 LUW Vulnerabilities
IBM recently released patches for three security vulnerabilities affecting various versions of DB2 ...
Read MoreMicrosoft Patch Tuesday, July 2014
July's Microsoft Patch Tuesday is a light release with two "Critical" bulletins, three "Important" ...
Read MoreMicrosoft Advance Notification for July 2014
Microsoft will publish their next security patch release on Tuesday, July 8. This seems to be a ...
Read More8 Common Pitfalls of Heartbleed Identification and Remediation (CVE-2014-0160)
Unfortunately, one of the biggest vulnerabilities disclosed this year, Heartbleed, has been ...
Read MoreAnalysis of a New Banking Trojan Spammed by Cutwail
The Cutwail spambot has a long history of sending spam with attached malicious files such as Zbot, ...
Read MoreWeak passwords? Better call The Doctor.
Every network presents its own unique opportunity for a penetration tester. Often, hidden among the ...
Read MoreNAC doesn’t like your penetration testing device? IPv6 to the rescue!
Sometimes when I conduct a network penetration test it's just too easy to get to the "crown ...
Read MoreSetting HoneyTraps with ModSecurity: Adding Fake Hidden Form Fields
This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...
Read MoreMicrosoft Patch Tuesday, June 2014
June's Microsoft Patch Tuesday contains seven bulletins, including two rated "Critical" and five ...
Read MoreFrom a Username to Full Account Takeover
In the past year there have been many major data breach incidents in which usernames, email ...
Read MoreSpiderLabs Radio: June 5, 2014
In this episode I talk about some odd ransom ware targeting Apple iDevices and I go over the ...
Read More