Trustwave Analysis of the January 2014 Oracle CPU

It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) time. The January ...

Setting HoneyTraps with ModSecurity: Adding Fake HTML Comments

This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...

Microsoft Patch Tuesday, January 2014

Hopefully January's Patch Tuesday is a sign of things to come for 2014. With only four bulletins, ...

SpiderLabs Radio: January 10, 2014

In this week's podcast we talk about malware offered up in online ads, the return of email hacker ...

SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store ...

Microsoft Advance Notification for January 2014

Microsoft is scheduled to release the next security update for consumers on January 14th with ...

SpiderLabs Radio: January 3, 2014

Welcome to the SpiderLabs Radio Reboot! As we bid our old host, Space Rogue, a fond farewell, we ...

DaumGame ActiveX 0day

One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue ...

The Case of an Obscure Injection

During a recent application penetration test, I came across what proved to be an interesting SQL ...

Wendel's Small Hacking Tricks - A not so common and neat Oracle [for Windows] hack.

Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...

How Snotnose the Elf was Able to Compromise The North Pole Domain and Retrieve the Nice and Naughty Lists

Last Winter, Snotnose won the North vs South Pole CTF contest, and Santa awarded him the ultimate ...

Exploiting Password Recovery Functionalities

Password recovery functionalities can result in vulnerabilities in the same application they are ...

Quick Joomla Refresher

I haven't come into contact with Joomla for a while, but I had the opportunity recently in a ...

Announcing ModSecurity v2.7.6 Release (CI Platform Usage)

The ModSecurity Project team is pleased to announce public release version 2.7.6. Full Release ...

The Curious Case of the Malicious IIS Module: Prologue (Method of Entry Analysis)

Earlier this week, SpiderLabs Research team released a blog post outlining analysis of a malicious ...

The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring

SpiderLabs investigates a number of suspicious binary files on a daily basis. A week ago we came ...

Microsoft Patch Tuesday, December 2013

'Tis the season for an increase in cyber-criminal activities. In the past couple months, ...

The Curious Case of the Malicious IIS Module

Recently, we've seen a few instances of a malicious DLL that is installed as an IIS module making ...

Microsoft Advance Notification for December 2013

On December 10th, Microsoft will begin deploying their security updates to consumers with affected ...

Physical Address Strangeness in Spam

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as the You-CAN-SPAM Act, since it ...

Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3)

This post is the conclusion of a three-part series (read the first here and the second here) that ...

Look What I Found: Moar Pony!

In our last episode of "Look What I Found" we talked about a fairly large instance of the Pony ...

[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)

In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up ...

SpiderLabs Responder Updates

Responder is a penetration-testing tool in active development. To continue making it the best tool ...

Spam Triple Threat: Voice Message, Important System Update, and DHL Delivery spam campaign.

This week we discovered a large malware spam campaign that used the Zbot Trojan executable. It ...

Vulnerability in RiskNet Acquirer (TWSL2013-031)

Last week we released an advisory for a vulnerability discovered in the RiskNet Acquirer ...

Malicious shells; Established != Active

During a recent investigation, SpiderLabs was presented with evidence that appeared to be ...

Tutorial for NTDS goodness (VSSADMIN, WMIS, NTDS.dit, SYSTEM)

I recently performed an internal penetration test where the NTDS.dit file got me thousands of ...
