Microsoft Internet Explorer 0-Day (CVE-2014-1776)
A zero-day vulnerability in Microsoft Internet Explorer, CVE-2014-1776, was recently discovered ...
Read MoreLnk files in Email Malware Distribution
Recently I have noticed more use of .lnk files used in malware distribution via email. These files ...
Read MoreModSecurity Advanced Topic of the Week: JSON Support
Submitted by Felipe Costa and Ryan Barnett (SpiderLabs Research - ModSecurity Team)
Read MorePrivilege Escalation Vulnerability in Cisco ASA's SSL VPN
Trustwave SpiderLabs security researcher Jonathan Claudius has discovered a privilege escalation ...
Read MoreNetSupport Information Leakage Using Nmap Script
NetSupport allows corporations to remotely manage and connect to PC's and servers from a central ...
Read MoreTrustwave Analysis of the April 2014 Oracle CPU for Databases
The 17th of April fell this week, which means it is Oracle Critical Patch Update (CPU) time. The ...
Read MoreSpiderLabs Radio: April 10, 2014
In this episode I bid a fond farewell to Windows XP; Microsoft patches that RTF 0-day ...
Read MoreFarewell to XP
As Karl noted in his Patch Tuesday post, yesterday was the last day of support for Windows XP.
Read MoreDetecting A Surveillance State - Part 3 Infected Firmware
In this third installment of Detecting A Surveillance State blog series I will move away from ...
Read MoreCapturing Ghosts: Using inotify to defeat an Android DRM system
Apart from our typical application penetration testing engagements, clients sometimes come to us ...
Read MoreMicrosoft Patch Tuesday, April 2014
April's Microsoft Patch Tuesday is on par with the prior releases this year. There are only four ...
Read MoreSpiderLabs Radio: April 3, 2014
In this episode I talk about GMail making HTTPS mandatory, a move some people don't like; Microsoft ...
Read MoreMicrosoft Word RTF 0-Day (CVE-2014-1761)
A zero-day vulnerability in Microsoft Word involving the handling of the RTF file format was ...
Read MoreMicrosoft Advance Notification for April 2014
The Microsoft April security release is almost upon us with security updates scheduled to deploy on ...
Read MoreOld School Code Injection in an ATM .dll
During our last ATM review engagement, we found some interesting executable files that were run by ...
Read MoreAn Intro to NetSupport Manager Scripts
On a recent gig I was hit with hundreds of hosts running a service on port TCP 5405, the NetSupport ...
Read MoreStupid Spammer Tricks – Multi-Character Set Text
Looking to refinance your house? Install solar panels? Hey, this email about refinancing (or solar ...
Read MoreWendel's Small Hacking Tricks - The Annoying NT_STATUS_INVALID_WORKSTATION.
Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...
Read More[Honeypot Alert] JCE Joomla Extension Attacks
Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) ...
Read MoreSpiderLabs Radio: March 20, 2014
In this episode we talk about the Windigo malware campaign, how a well-intentioned hacker brought ...
Read MoreGoogle Summer of Code (GSoC) + OWASP + ModSecurity = Awesome
OWASP is again participating in the Google Summer of Code (GSoC) Program for 2014 by acting as a ...
Read MoreColdFusion Admin Compromise Analysis (CVE-2010-2861)
In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise baed on ...
Read MoreDetecting A Surveillance State - Part 2 Radio Frequency Exfiltration
In the last post we reviewed a few hardware implants that may have been used by surveillance states ...
Read MoreSpiderLabs Radio: March 13, 2014
In this episode we talk about Microsoft Patch Tuesday providing patches for an Internet Explorer ...
Read More