Trustwave Analysis of the April 2014 Oracle CPU for Databases

The 17th of April fell this week, which means it is Oracle Critical Patch Update (CPU) time. The ...

Announcing ModSecurity v2.8.0

SpiderLabs Radio: April 10, 2014

In this episode I bid a fond farewell to Windows XP; Microsoft patches that RTF 0-day ...

Farewell to XP

As Karl noted in his Patch Tuesday post, yesterday was the last day of support for Windows XP.

Detecting A Surveillance State - Part 3 Infected Firmware

In this third installment of the Detecting A Surveillance State blog series I will move away from ...

Capturing Ghosts: Using inotify to defeat an Android DRM system

Apart from our typical application penetration testing engagements, clients sometimes come to us ...

Microsoft Patch Tuesday, April 2014

April's Microsoft Patch Tuesday is on par with the prior releases this year. There are only four ...

SpiderLabs Radio: April 3, 2014

In this episode I talk about Gmail making HTTPS mandatory, a move some people don't like; Microsoft ...

Microsoft Word RTF 0-Day (CVE-2014-1761)

A zero-day vulnerability in Microsoft Word involving the handling of the RTF file format was ...

Microsoft Advance Notification for April 2014

The Microsoft April security release is almost upon us with security updates scheduled to deploy on ...

Old School Code Injection in an ATM .dll

During our last ATM review engagement, we found some interesting executable files that were run by ...

An Intro to NetSupport Manager Scripts

On a recent gig I was hit with hundreds of hosts running a service on port TCP 5405, the NetSupport ...

Stupid Spammer Tricks – Multi-Character Set Text

Looking to refinance your house? Install solar panels? Hey, this email about refinancing (or solar ...

Wendel's Small Hacking Tricks - The Annoying NT_STATUS_INVALID_WORKSTATION.

Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...

[Honeypot Alert] JCE Joomla Extension Attacks

Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) ...

SpiderLabs Radio: March 20, 2014

In this episode we talk about the Windigo malware campaign, how a well-intentioned hacker brought ...

Google Summer of Code (GSoC) + OWASP + ModSecurity = Awesome

OWASP is again participating in the Google Summer of Code (GSoC) Program for 2014 by acting as a ...

ColdFusion Admin Compromise Analysis (CVE-2010-2861)

In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise based on ...

Detecting A Surveillance State - Part 2 Radio Frequency Exfiltration

In the last post we reviewed a few hardware implants that may have been used by surveillance states ...

SpiderLabs Radio: March 13, 2014

In this episode we talk about Microsoft Patch Tuesday providing patches for an Internet Explorer ...

Deep Analysis of CVE-2014-0502 – A Double Free Story

A lot has already been said about CVE-2014-0502, the Adobe Flash Player zero-day that was part of a ...

WordPress XML-RPC PingBack Vulnerability Analysis

There were news stories this week outlining how attackers are abusing the XML-RPC "pingback" ...

Detecting A Surveillance State - Part 1 Hardware Implants

This is the first in a series of four blog posts that will cover defenses and detection methods for ...

Microsoft Patch Tuesday, March 2014

March's Patch Tuesday includes five bulletins, two rated "Critical" and three rated "Important". ...

Touchlogging Part 3 - Final Thoughts

This is the third and final part on the subject of Touchlogging. I do recommend reading part one ...

SpiderLabs Radio: March 7, 2014

In this episode we talk about a new Russian rootkit called Uroburos, another bitcoin exchange ...

Touchlogging Part 2 - Android

This is part two in my Touchlogging series; you can find part one here.

Microsoft Advance Notification for March 2014

The Microsoft Security release for March will include patches for Windows, Internet Explorer and ...
