Wendel's Small Hacking Tricks - The Annoying NT_STATUS_INVALID_WORKSTATION.
Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...
Read More[Honeypot Alert] JCE Joomla Extension Attacks
Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) ...
Read MoreSpiderLabs Radio: March 20, 2014
In this episode we talk about the Windigo malware campaign, how a well-intentioned hacker brought ...
Read MoreGoogle Summer of Code (GSoC) + OWASP + ModSecurity = Awesome
OWASP is again participating in the Google Summer of Code (GSoC) Program for 2014 by acting as a ...
Read MoreColdFusion Admin Compromise Analysis (CVE-2010-2861)
In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise baed on ...
Read MoreDetecting A Surveillance State - Part 2 Radio Frequency Exfiltration
In the last post we reviewed a few hardware implants that may have been used by surveillance states ...
Read MoreSpiderLabs Radio: March 13, 2014
In this episode we talk about Microsoft Patch Tuesday providing patches for an Internet Explorer ...
Read MoreDeep Analysis of CVE-2014-0502 – A Double Free Story
A lot has already been said about CVE-2014-0502, the Adobe Flash Player zero-day that was part of a ...
Read MoreWordPress XML-RPC PingBack Vulnerability Analysis
There were news stories this week outlining how attackers are abusing the XML-PRC "pingback" ...
Read MoreDetecting A Surveillance State - Part 1 Hardware Implants
This is the first in a series of four blog posts that will cover defenses and detection methods for ...
Read MoreMicrosoft Patch Tuesday, March 2014
March's Patch Tuesday includes five bulletins, two rated "Critical" and three rated "Important". ...
Read MoreTouchlogging Part 3 - Final Thoughts
This is the third and final part on the subject of Touchlogging. I do recommend reading part one ...
Read MoreSpiderLabs Radio: March 7, 2014
In this episode we talk about a new Russian rootkit called Uroburos, another bitcoin exchange ...
Read MoreTouchlogging Part 2 - Android
This is part two in my Touchlogging series, you can find part one here.
Read MoreMicrosoft Advance Notification for March 2014
The Microsoft Security release for March will include patches for Windows, Internet Explorer and ...
Read MoreBloodletting the Arms Race: Using Attacker's Techniques for Defense
Submitted by Ziv Mador and Ryan Barnett
Read MoreGamut Spambot Analysis
In this blog post, we'll be describing the functionality of a spamming botnet which appears to have ...
Read MoreTouchlogging Part 1 - iOS
Although there have been numerous articles posted, I thought I would write about my recent ...
Read MoreSpiderLabs Radio: February 27, 2014
In this episode we talk about the Apple "gotofail" SSL vulnerability, SEA is still around and ...
Read MoreLook What I Found: Pony is After Your Coins!
In our previous episode of "Look What I Found" we detailed our discovery of a humongous instance of ...
Read MoreSpiderLabs Radio: February 20, 2014
In this episode we look at the new Linksys worm dubbed TheMoon, two new exploits target a 0 day ...
Read MoreInternet Explorer Zero Day: CVE-2014-0322
Recently, several security vendors reported about a new IE 0day which affects version 9 and 10. The ...
Read MoreModSecurity Advanced Topic of the Week: Detecting Browser Fingerprint Changes During Sessions
This blog post will discuss a section from Recipe 8-5: Detecting Browser Fingerprint Changes During ...
Read MoreFAQ: Pony Malware Payload Discovery
Our team's discovery of the spoils of yet another instance of Pony 1.9 has kept us busy the past ...
Read MoreResponder 2.0 - Owning Windows Networks part 3
The power and flexibility of Responder has grown significantly over the past year. Responder is a ...
Read MoreWait a minute... that’s not a real JPG!
When attackers compromise a website and want to harvest credit cards, they need to either find ...
Read MoreSpiderLabs Radio: February 13, 2014
In this episode we look at Facebook's open-sourcing of the Android crypto API "Conceal", more POS ...
Read More“Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp
A little over a month ago, I published a Metasploit auxiliary module for brute-forcing Cisco ASDM ...
Read More